Buildbot failure in on tomcat-9.0.x
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/37/builds/1118
Blamelist: remm
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch 9.0.x] 97d1d909e407ee783ee69d0a3dc5e5b00b3aadfd

Steps:
  worker_preparation: 0
  git: 0
  shell: 0
  shell_1: 0
  shell_2: 0
  shell_3: 0
  shell_4: 0
  shell_5: 0
  compile: 1
  shell_6: 0
  shell_7: 0
  shell_8: 0
  shell_9: 0
  Rsync docs to nightlies.apache.org: 0
  shell_10: 0
  Rsync RAT to nightlies.apache.org: 0
  compile_1: 2
  shell_11: 0
  Rsync Logs to nightlies.apache.org: 0

-- ASF Buildbot

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 11.0.x updated: OpenSSLConf is not supported by BoringSSL
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new de48602c9e OpenSSLConf is not supported by BoringSSL de48602c9e is described below commit de48602c9e72a9121aff1c4626d056954ac421af Author: remm AuthorDate: Mon Oct 7 13:05:10 2024 +0200 OpenSSLConf is not supported by BoringSSL --- .../util/net/openssl/panama/LocalStrings.properties | 1 + .../util/net/openssl/panama/OpenSSLContext.java | 20 webapps/docs/changelog.xml | 3 +++ 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties index dc6294ff28..7cc6531ec7 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties +++ b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties @@ -83,6 +83,7 @@ opensslconf.finishFailed=OpenSSLConf finish failed with result [{0}] opensslconf.noCommandName=OpenSSLConf no command name - will be ignored (command value [{0}]) opensslconf.resultCommand=OpenSSLConf command (name [{0}], value [{1}]) returned [{2}] opensslconf.unknownCommandType=SSL_CONF command [{0}] type unknown +opensslconf.unsupported=The OpenSSL implementation does not support OpenSSLConf openssllibrary.ciphersFailure=Failed getting cipher list openssllibrary.currentFIPSMode=Current FIPS mode: [{0}] diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index 29d017f496..1823fd99e9 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
@@ -174,14 +174,18 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { if (log.isTraceEnabled()) { log.trace(sm.getString("openssl.makeConf")); } -confCtx = SSL_CONF_CTX_new(); -if (MemorySegment.NULL.equals(confCtx)) { -throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError())); +if (!openssl_h_Compatibility.BORINGSSL) { +confCtx = SSL_CONF_CTX_new(); +if (MemorySegment.NULL.equals(confCtx)) { +throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError())); +} +SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() | +SSL_CONF_FLAG_SERVER() | +SSL_CONF_FLAG_CERTIFICATE() | +SSL_CONF_FLAG_SHOW_ERRORS()); +} else { +log.error(sm.getString("opensslconf.unsupported")); } -SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() | -SSL_CONF_FLAG_SERVER() | -SSL_CONF_FLAG_CERTIFICATE() | -SSL_CONF_FLAG_SHOW_ERRORS()); } // SSL protocol @@ -1396,7 +1400,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { this.confCtx = confCtx.reinterpret(ValueLayout.ADDRESS.byteSize(), stateArena, (MemorySegment t) -> SSL_CONF_CTX_free(t)); } else { -this.confCtx = null; +this.confCtx = MemorySegment.NULL; } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index c353d0e7e5..e95416ec92 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -131,6 +131,9 @@ Return null SSL session id on zero length byte array returned from the SSL implementation. (remm) + +Skip OpenSSLConf with BoringSSL since it is unsupported. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
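Review bot: In the @@ -174,14 +174,18 hunk of OpenSSLContext.java, the new else branch only calls log.error(sm.getString("opensslconf.unsupported")) and then carries on, so a connector with OpenSSLConf commands configured comes up on BoringSSL with none of them applied. Consider throwing the same SSLException type used for openssl.errMakeConf here, or at least having the message say that the configured commands are being ignored, so the condition is not mistaken for a harmless notice in the startup log.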
(tomcat) branch 10.1.x updated: OpenSSLConf is not supported by BoringSSL
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 6588893055 OpenSSLConf is not supported by BoringSSL 6588893055 is described below commit 658889305543dd9d2a25d73a2b018cc9baacecbe Author: remm AuthorDate: Mon Oct 7 13:05:10 2024 +0200 OpenSSLConf is not supported by BoringSSL --- .../util/net/openssl/panama/LocalStrings.properties | 1 + .../util/net/openssl/panama/OpenSSLContext.java | 20 webapps/docs/changelog.xml | 3 +++ 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties index af520f2115..e1c58ce12e 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties +++ b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties @@ -86,6 +86,7 @@ opensslconf.finishFailed=OpenSSLConf finish failed with result [{0}] opensslconf.noCommandName=OpenSSLConf no command name - will be ignored (command value [{0}]) opensslconf.resultCommand=OpenSSLConf command (name [{0}], value [{1}]) returned [{2}] opensslconf.unknownCommandType=SSL_CONF command [{0}] type unknown +opensslconf.unsupported=The OpenSSL implementation does not support OpenSSLConf openssllibrary.ciphersFailure=Failed getting cipher list openssllibrary.currentFIPSMode=Current FIPS mode: [{0}] diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index 29d017f496..1823fd99e9 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
@@ -174,14 +174,18 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { if (log.isTraceEnabled()) { log.trace(sm.getString("openssl.makeConf")); } -confCtx = SSL_CONF_CTX_new(); -if (MemorySegment.NULL.equals(confCtx)) { -throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError())); +if (!openssl_h_Compatibility.BORINGSSL) { +confCtx = SSL_CONF_CTX_new(); +if (MemorySegment.NULL.equals(confCtx)) { +throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError())); +} +SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() | +SSL_CONF_FLAG_SERVER() | +SSL_CONF_FLAG_CERTIFICATE() | +SSL_CONF_FLAG_SHOW_ERRORS()); +} else { +log.error(sm.getString("opensslconf.unsupported")); } -SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() | -SSL_CONF_FLAG_SERVER() | -SSL_CONF_FLAG_CERTIFICATE() | -SSL_CONF_FLAG_SHOW_ERRORS()); } // SSL protocol @@ -1396,7 +1400,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { this.confCtx = confCtx.reinterpret(ValueLayout.ADDRESS.byteSize(), stateArena, (MemorySegment t) -> SSL_CONF_CTX_free(t)); } else { -this.confCtx = null; +this.confCtx = MemorySegment.NULL; } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 8746cc4de4..73848c3a29 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -131,6 +131,9 @@ Return null SSL session id on zero length byte array returned from the SSL implementation. (remm) + +Skip OpenSSLConf with BoringSSL since it is unsupported. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
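Review bot: In the @@ -1396,7 +1400,7 hunk, the fallback changes from this.confCtx = null to this.confCtx = MemorySegment.NULL, which is only safe if every reader of the field tests MemorySegment.NULL.equals(confCtx) rather than confCtx != null, and none of those readers are part of this diff. A leftover null check would now pass in the BoringSSL case and hand a NULL segment to the SSL_CONF_* calls, so it is worth routing all such checks through one small helper or naming the call sites that were verified in the commit message.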
(tomcat) branch main updated: Skip tests for some OpenSSL derivatives
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new fa28934ab9 Skip tests for some OpenSSL derivatives fa28934ab9 is described below commit fa28934ab98aa0506a0dce1addc3fc197424feaf Author: remm AuthorDate: Mon Oct 7 13:30:30 2024 +0200 Skip tests for some OpenSSL derivatives --- test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 7 +++ test/org/apache/tomcat/util/net/TestClientCert.java | 12 test/org/apache/tomcat/util/net/TestClientCertTls13.java | 7 +++ .../apache/tomcat/util/net/TestCustomSslTrustManager.java| 7 +++ test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java | 5 + test/org/apache/tomcat/util/net/TestSsl.java | 6 ++ test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java | 3 +++ 7 files changed, 47 insertions(+) diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java index 0fcecf1f4b..8e15f79627 100644 --- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java +++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java @@ -44,6 +44,7 @@ import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.TesterSupport; import org.apache.tomcat.util.net.openssl.OpenSSLImplementation; +import org.apache.tomcat.util.net.openssl.OpenSSLStatus; @RunWith(Parameterized.class) public class TestResolverSSL extends TomcatBaseTest { 
@@ -82,6 +83,12 @@ public class TestResolverSSL extends TomcatBaseTest { sslHostConfig.setSessionCacheSize(20 * 1024); tomcat.start(); + +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + ByteChunk res = getUrl("https://localhost:"; + getPort() + "/protected"); // Just look a bit at the result System.out.println(res.toString()); diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java b/test/org/apache/tomcat/util/net/TestClientCert.java index eeabba688c..2ff237aac3 100644 --- a/test/org/apache/tomcat/util/net/TestClientCert.java +++ b/test/org/apache/tomcat/util/net/TestClientCert.java @@ -22,6 +22,7 @@ import java.util.Collection; import java.util.List; import org.junit.Assert; +import org.junit.Assume; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; @@ -31,6 +32,7 @@ import org.apache.catalina.Context; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.net.openssl.OpenSSLStatus; /** * The keys and certificates used in this file are all available in svn and were @@ -84,6 +86,11 @@ public class TestClientCert extends TomcatBaseTest { getTomcatInstance().start(); +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + // Unprotected resource ByteChunk res = getUrl("https://localhost:"; + getPort() + "/unprotected"); 
@@ -156,6 +163,11 @@ public class TestClientCert extends TomcatBaseTest { Tomcat tomcat = getTomcatInstance(); tomcat.start(); +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + byte[] body = new byte[bodySize]; Arrays.fill(body, TesterSupport.DATA); diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java b/test/org/apache/tomcat/util/net/TestClientCertTls13.java index 5f8555b1c8..d74e2e8f87 100644 --- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java +++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java @@ -79,6 +79,10 @@ public class TestClientCertTls13 extends TomcatBaseTest { public void testClientCertGet() throws Exception { Tomcat tomcat = getTomcatInstance(); tomcat.start(); + +Assume.assumeFalse("LibreSSL does not allow PHA", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); + ByteChunk res = getUrl("https://localhost:"; + getPort() + "/protected");
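Review bot: The assumeFalse pairs added to TestResolverSSL and TestClientCert key only on OpenSSLStatus.getName(), which is a process-wide static, while these are Parameterized tests; if the name is already set when a non-OpenSSL parameter runs, that run is skipped as well. Consider combining the check with the implementation parameter under test. The same two calls are also pasted three times with slightly different reasons ("does not allow renegotiation" and "does not allow TLS renegotiation"), so a single helper, for example in TesterSupport, would keep them consistent, and a short comment on why the check sits after tomcat.start() rather than before it would help the next reader.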
(tomcat) branch main updated: Align buffer use pattern with the FFM code
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new dd61cbee8e Align buffer use pattern with the FFM code dd61cbee8e is described below commit dd61cbee8e0c5338eb044c3ab25da7fc0bc8a2df Author: remm AuthorDate: Mon Oct 7 15:01:46 2024 +0200 Align buffer use pattern with the FFM code This uses 18KB of memory per connection. --- java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 10 ++ webapps/docs/changelog.xml | 4 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java index 99bd981944..890d473374 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java @@ -136,6 +136,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn private final OpenSSLState state; private final Cleanable cleanable; +private ByteBuffer buf = ByteBuffer.allocateDirect(MAX_ENCRYPTED_PACKET_LENGTH); private enum Accepted { NOT, IMPLICIT, EXPLICIT } private Accepted accepted = Accepted.NOT; @@ -225,6 +226,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn cleanable.clean(); // internal errors can cause shutdown without marking the engine closed isInboundDone = isOutboundDone = engineClosed = true; +ByteBufferUtils.cleanDirectBuffer(buf); } } @@ -252,7 +254,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn return sslWrote; } } else { -ByteBuffer buf = ByteBuffer.allocateDirect(len); try { final long addr = Buffer.address(buf); @@ -273,7 +274,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } } finally { buf.clear(); -ByteBufferUtils.cleanDirectBuffer(buf); } } 
@@ -300,7 +300,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn return netWrote; } } else { -ByteBuffer buf = ByteBuffer.allocateDirect(len); try { final long addr = Buffer.address(buf); @@ -318,7 +317,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } } finally { buf.clear(); -ByteBufferUtils.cleanDirectBuffer(buf); } } @@ -346,7 +344,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn final int pos = dst.position(); final int limit = dst.limit(); final int len = Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - pos); -final ByteBuffer buf = ByteBuffer.allocateDirect(len); try { final long addr = Buffer.address(buf); @@ -362,7 +359,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } } finally { buf.clear(); -ByteBufferUtils.cleanDirectBuffer(buf); } } @@ -386,7 +382,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn checkLastError(); } } else { -final ByteBuffer buf = ByteBuffer.allocateDirect(pending); try { final long addr = Buffer.address(buf); @@ -403,7 +398,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } } finally { buf.clear(); -ByteBufferUtils.cleanDirectBuffer(buf); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index e84918a8e5..f4b8814599 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -155,6 +155,10 @@ Skip OpenSSLConf with BoringSSL since it is unsupported. (remm) + +Align buffer reuse of the OpenSSLEngine for tomcat-native with the FFM +code. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
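Review bot: In the @@ -225,6 +226,7 hunk, ByteBufferUtils.cleanDirectBuffer(buf) releases the shared buffer during shutdown, but the field is declared as a non-final private ByteBuffer buf and is not cleared afterwards, while the read and write paths in the later hunks still call Buffer.address(buf) on it. Any call that reaches those paths after shutdown would pass the address of released native memory down to the native layer; set buf to null after cleaning, or guard each use with the closed state.

Review bot: In the @@ -386,7 +382,6 hunk the removed allocation was sized by pending, whereas the shared buffer is fixed at MAX_ENCRYPTED_PACKET_LENGTH; the @@ -346,7 +344,6 hunk shows len being clamped with Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - pos), but no such clamp on pending is visible here. Also note that buf.clear() in the finally blocks only resets position and limit, so data from the previous call now stays in the buffer for the life of the connection instead of being released after each use.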
[Bug 69380] Tomcat 8.5.100 Core Binary Distrubution software download links are broken
https://bz.apache.org/bugzilla/show_bug.cgi?id=69380

--- Comment #4 from Remy Maucherat ---
The old download page is still in the docs (not in the xdocs), and I guess the link can come from old announcements. I'll clean up the docs folder.
svn commit: r1921168 - in /tomcat/site/trunk/docs: download-80.cgi download-80.html
Author: remm
Date: Mon Oct 7 20:20:08 2024
New Revision: 1921168

URL: http://svn.apache.org/viewvc?rev=1921168&view=rev
Log:
Drop 8.x download page

Removed:
    tomcat/site/trunk/docs/download-80.cgi
    tomcat/site/trunk/docs/download-80.html
[Bug 69379] HEAD request behavior change does no adhere to RFC 9110
https://bz.apache.org/bugzilla/show_bug.cgi?id=69379

m...@jfrog.com changed:

What       |Removed  |Added
Status     |RESOLVED |REOPENED
Resolution |INVALID  |---

--- Comment #2 from m...@jfrog.com ---
The duplicate bug provided mentions in its last comment that it was indeed a real bug and was fixed for Tomcat 9 and below. Now there is a regression on Tomcat 10. I do not understand why this is being marked as invalid.
(tomcat) branch main updated: Propagate OpenSSL variant identification
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new ce66059785 Propagate OpenSSL variant identification ce66059785 is described below commit ce6605978583d180e4b888e59ad318e8fa9f9d29 Author: remm AuthorDate: Mon Oct 7 09:38:10 2024 +0200 Propagate OpenSSL variant identification This could be used to cleanup the testsuite behavior by skipping some tests for some unsupported combinations (for example with renegotiation). --- .../tomcat/util/net/openssl/OpenSSLStatus.java | 30 ++ .../util/net/openssl/panama/OpenSSLLibrary.java| 9 +++ .../util/openssl/openssl_h_Compatibility.java | 4 ++- 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java index ae190beff0..daf346d5b8 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java @@ -20,12 +20,21 @@ package org.apache.tomcat.util.net.openssl; * Holds OpenSSL status without the need to load other classes. */ public class OpenSSLStatus { + +/** + * OpenSSL library variant that has been identified + */ +public enum Name { +OPENSSL, OPENSSL3, LIBRESSL, BORINGSSL, UNKNOWN +} + private static volatile boolean libraryInitialized = false; private static volatile boolean initialized = false; private static volatile boolean available = false; private static volatile boolean useOpenSSL = true; private static volatile boolean instanceCreated = false; private static volatile long version = 0; +private static volatile Name name = Name.UNKNOWN; public static boolean isLibraryInitialized() { 
@@ -82,4 +91,25 @@ public class OpenSSLStatus { OpenSSLStatus.version = version; } +/** + * @return the library name + */ +public static Name getName() { +return name; +} + +/** + * @param name the name to set + */ +public static void setName(Name name) { +OpenSSLStatus.name = name; +} + +/** + * @return true if running with OpenSSL 3.0+ + */ +public static boolean isOpenSSL3() { +return Name.OPENSSL3.equals(name); +} + } diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java index 17204fd274..e6320133bb 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java @@ -182,6 +182,15 @@ public class OpenSSLLibrary { initLibrary(); OpenSSLStatus.setVersion(OpenSSL_version_num()); +if (openssl_h_Compatibility.OPENSSL3) { +OpenSSLStatus.setName(OpenSSLStatus.Name.OPENSSL3); +} else if (openssl_h_Compatibility.OPENSSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.OPENSSL); +} else if (openssl_h_Compatibility.LIBRESSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.LIBRESSL); +} else if (openssl_h_Compatibility.BORINGSSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.BORINGSSL); +} // OpenSSL 3 onwards uses providers diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java index 29f39f0481..ba78a3ef92 100644 --- a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java +++ b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java 
@@ -29,12 +29,14 @@ import static org.apache.tomcat.util.openssl.openssl_h.SSL_get1_peer_certificate */ public class openssl_h_Compatibility { +public static final boolean OPENSSL; public static final boolean OPENSSL3; public static final boolean BORINGSSL; public static final boolean LIBRESSL; static { String versionString = OpenSSL_version(0).getString(0); -OPENSSL3 = versionString.contains("OpenSSL") && OpenSSL_version_num() >= 0x300fL; +OPENSSL = versionString.contains("OpenSSL"); +OPENSSL3 = OPENSSL && OpenSSL_version_num() >= 0x300fL; BORINGSSL = versionString.contains("BoringSSL"); LIBRESSL = versionString.contains("LibreSSL"); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
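Review bot: In the OpenSSLLibrary.java hunk the else-if chain tests openssl_h_Compatibility.OPENSSL before LIBRESSL and BORINGSSL, and all of these flags come from versionString.contains(...) substring matches. A derivative whose version string also mentions "OpenSSL" would be recorded as OPENSSL, and any test skip keyed on OpenSSLStatus.getName() would then not apply to it. Testing the LIBRESSL and BORINGSSL flags first makes the result independent of that. The chain also has no final else, so an unrecognised library silently stays UNKNOWN; logging the version string at debug level in that case would help diagnosis.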
(tomcat) branch 9.0.x updated: Propagate OpenSSL variant identification
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 40e830d54f Propagate OpenSSL variant identification 40e830d54f is described below commit 40e830d54fe1431c8213f09a440dfd2e644bec8d Author: remm AuthorDate: Mon Oct 7 09:38:10 2024 +0200 Propagate OpenSSL variant identification This could be used to cleanup the testsuite behavior by skipping some tests for some unsupported combinations (for example with renegotiation). --- .../tomcat/util/net/openssl/OpenSSLStatus.java | 30 ++ .../util/net/openssl/panama/OpenSSLLibrary.java| 9 +++ .../util/openssl/openssl_h_Compatibility.java | 4 ++- 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java index ae190beff0..daf346d5b8 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java @@ -20,12 +20,21 @@ package org.apache.tomcat.util.net.openssl; * Holds OpenSSL status without the need to load other classes. */ public class OpenSSLStatus { + +/** + * OpenSSL library variant that has been identified + */ +public enum Name { +OPENSSL, OPENSSL3, LIBRESSL, BORINGSSL, UNKNOWN +} + private static volatile boolean libraryInitialized = false; private static volatile boolean initialized = false; private static volatile boolean available = false; private static volatile boolean useOpenSSL = true; private static volatile boolean instanceCreated = false; private static volatile long version = 0; +private static volatile Name name = Name.UNKNOWN; public static boolean isLibraryInitialized() { 
@@ -82,4 +91,25 @@ public class OpenSSLStatus { OpenSSLStatus.version = version; } +/** + * @return the library name + */ +public static Name getName() { +return name; +} + +/** + * @param name the name to set + */ +public static void setName(Name name) { +OpenSSLStatus.name = name; +} + +/** + * @return true if running with OpenSSL 3.0+ + */ +public static boolean isOpenSSL3() { +return Name.OPENSSL3.equals(name); +} + } diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java index 17204fd274..e6320133bb 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java @@ -182,6 +182,15 @@ public class OpenSSLLibrary { initLibrary(); OpenSSLStatus.setVersion(OpenSSL_version_num()); +if (openssl_h_Compatibility.OPENSSL3) { +OpenSSLStatus.setName(OpenSSLStatus.Name.OPENSSL3); +} else if (openssl_h_Compatibility.OPENSSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.OPENSSL); +} else if (openssl_h_Compatibility.LIBRESSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.LIBRESSL); +} else if (openssl_h_Compatibility.BORINGSSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.BORINGSSL); +} // OpenSSL 3 onwards uses providers diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java index 29f39f0481..ba78a3ef92 100644 --- a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java +++ b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java 
@@ -29,12 +29,14 @@ import static org.apache.tomcat.util.openssl.openssl_h.SSL_get1_peer_certificate */ public class openssl_h_Compatibility { +public static final boolean OPENSSL; public static final boolean OPENSSL3; public static final boolean BORINGSSL; public static final boolean LIBRESSL; static { String versionString = OpenSSL_version(0).getString(0); -OPENSSL3 = versionString.contains("OpenSSL") && OpenSSL_version_num() >= 0x300fL; +OPENSSL = versionString.contains("OpenSSL"); +OPENSSL3 = OPENSSL && OpenSSL_version_num() >= 0x300fL; BORINGSSL = versionString.contains("BoringSSL"); LIBRESSL = versionString.contains("LibreSSL"); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
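Review bot: OpenSSLStatus.setName() is only called from panama/OpenSSLLibrary.java in this diff, so getName() stays at Name.UNKNOWN and isOpenSSL3() returns false whenever the library is initialised through any other path. The Javadoc on getName() and isOpenSSL3() should say so, or the other initialisation path should set the name as well; otherwise callers will read false as "not OpenSSL 3" when it may only mean "not identified".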
(tomcat) branch 11.0.x updated: Propagate OpenSSL variant identification
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 99c95cac34 Propagate OpenSSL variant identification 99c95cac34 is described below commit 99c95cac3440d1909a371150b8ed696788da489f Author: remm AuthorDate: Mon Oct 7 09:38:10 2024 +0200 Propagate OpenSSL variant identification This could be used to cleanup the testsuite behavior by skipping some tests for some unsupported combinations (for example with renegotiation). --- .../tomcat/util/net/openssl/OpenSSLStatus.java | 30 ++ .../util/net/openssl/panama/OpenSSLLibrary.java| 9 +++ .../util/openssl/openssl_h_Compatibility.java | 4 ++- 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java index ae190beff0..daf346d5b8 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java @@ -20,12 +20,21 @@ package org.apache.tomcat.util.net.openssl; * Holds OpenSSL status without the need to load other classes. */ public class OpenSSLStatus { + +/** + * OpenSSL library variant that has been identified + */ +public enum Name { +OPENSSL, OPENSSL3, LIBRESSL, BORINGSSL, UNKNOWN +} + private static volatile boolean libraryInitialized = false; private static volatile boolean initialized = false; private static volatile boolean available = false; private static volatile boolean useOpenSSL = true; private static volatile boolean instanceCreated = false; private static volatile long version = 0; +private static volatile Name name = Name.UNKNOWN; public static boolean isLibraryInitialized() { 
@@ -82,4 +91,25 @@ public class OpenSSLStatus { OpenSSLStatus.version = version; } +/** + * @return the library name + */ +public static Name getName() { +return name; +} + +/** + * @param name the name to set + */ +public static void setName(Name name) { +OpenSSLStatus.name = name; +} + +/** + * @return true if running with OpenSSL 3.0+ + */ +public static boolean isOpenSSL3() { +return Name.OPENSSL3.equals(name); +} + } diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java index 17204fd274..e6320133bb 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java @@ -182,6 +182,15 @@ public class OpenSSLLibrary { initLibrary(); OpenSSLStatus.setVersion(OpenSSL_version_num()); +if (openssl_h_Compatibility.OPENSSL3) { +OpenSSLStatus.setName(OpenSSLStatus.Name.OPENSSL3); +} else if (openssl_h_Compatibility.OPENSSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.OPENSSL); +} else if (openssl_h_Compatibility.LIBRESSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.LIBRESSL); +} else if (openssl_h_Compatibility.BORINGSSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.BORINGSSL); +} // OpenSSL 3 onwards uses providers diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java index 29f39f0481..ba78a3ef92 100644 --- a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java +++ b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java 
@@ -29,12 +29,14 @@ import static org.apache.tomcat.util.openssl.openssl_h.SSL_get1_peer_certificate */ public class openssl_h_Compatibility { +public static final boolean OPENSSL; public static final boolean OPENSSL3; public static final boolean BORINGSSL; public static final boolean LIBRESSL; static { String versionString = OpenSSL_version(0).getString(0); -OPENSSL3 = versionString.contains("OpenSSL") && OpenSSL_version_num() >= 0x300fL; +OPENSSL = versionString.contains("OpenSSL"); +OPENSSL3 = OPENSSL && OpenSSL_version_num() >= 0x300fL; BORINGSSL = versionString.contains("BoringSSL"); LIBRESSL = versionString.contains("LibreSSL"); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
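Review bot: In the openssl_h_Compatibility.java hunk the new public constant OPENSSL has no Javadoc and is true for OpenSSL 3 as well, since OPENSSL3 is now defined as OPENSSL && ..., while the Name enum added in OpenSSLStatus treats OPENSSL and OPENSSL3 as separate values. A one-line comment stating that this flag means any OpenSSL, including 3.x, would keep callers from using it as a pre-3.0 check.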
(tomcat) branch 10.1.x updated: Propagate OpenSSL variant identification
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new b225c69cb0 Propagate OpenSSL variant identification b225c69cb0 is described below commit b225c69cb07846bd0952a1378cec505733fc6c44 Author: remm AuthorDate: Mon Oct 7 09:38:10 2024 +0200 Propagate OpenSSL variant identification This could be used to cleanup the testsuite behavior by skipping some tests for some unsupported combinations (for example with renegotiation). --- .../tomcat/util/net/openssl/OpenSSLStatus.java | 30 ++ .../util/net/openssl/panama/OpenSSLLibrary.java| 9 +++ .../util/openssl/openssl_h_Compatibility.java | 4 ++- 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java index ae190beff0..daf346d5b8 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLStatus.java @@ -20,12 +20,21 @@ package org.apache.tomcat.util.net.openssl; * Holds OpenSSL status without the need to load other classes. */ public class OpenSSLStatus { + +/** + * OpenSSL library variant that has been identified + */ +public enum Name { +OPENSSL, OPENSSL3, LIBRESSL, BORINGSSL, UNKNOWN +} + private static volatile boolean libraryInitialized = false; private static volatile boolean initialized = false; private static volatile boolean available = false; private static volatile boolean useOpenSSL = true; private static volatile boolean instanceCreated = false; private static volatile long version = 0; +private static volatile Name name = Name.UNKNOWN; public static boolean isLibraryInitialized() { 
@@ -82,4 +91,25 @@ public class OpenSSLStatus { OpenSSLStatus.version = version; } +/** + * @return the library name + */ +public static Name getName() { +return name; +} + +/** + * @param name the name to set + */ +public static void setName(Name name) { +OpenSSLStatus.name = name; +} + +/** + * @return true if running with OpenSSL 3.0+ + */ +public static boolean isOpenSSL3() { +return Name.OPENSSL3.equals(name); +} + } diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java index 17204fd274..e6320133bb 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java @@ -182,6 +182,15 @@ public class OpenSSLLibrary { initLibrary(); OpenSSLStatus.setVersion(OpenSSL_version_num()); +if (openssl_h_Compatibility.OPENSSL3) { +OpenSSLStatus.setName(OpenSSLStatus.Name.OPENSSL3); +} else if (openssl_h_Compatibility.OPENSSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.OPENSSL); +} else if (openssl_h_Compatibility.LIBRESSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.LIBRESSL); +} else if (openssl_h_Compatibility.BORINGSSL) { +OpenSSLStatus.setName(OpenSSLStatus.Name.BORINGSSL); +} // OpenSSL 3 onwards uses providers diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java index 29f39f0481..ba78a3ef92 100644 --- a/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java +++ b/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java 
@@ -29,12 +29,14 @@ import static org.apache.tomcat.util.openssl.openssl_h.SSL_get1_peer_certificate */ public class openssl_h_Compatibility { +public static final boolean OPENSSL; public static final boolean OPENSSL3; public static final boolean BORINGSSL; public static final boolean LIBRESSL; static { String versionString = OpenSSL_version(0).getString(0); -OPENSSL3 = versionString.contains("OpenSSL") && OpenSSL_version_num() >= 0x300fL; +OPENSSL = versionString.contains("OpenSSL"); +OPENSSL3 = OPENSSL && OpenSSL_version_num() >= 0x300fL; BORINGSSL = versionString.contains("BoringSSL"); LIBRESSL = versionString.contains("LibreSSL"); } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
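Review bot: in the OpenSSLStatus hunks the Name enum gets one Javadoc line for the whole type and none for its constants, yet OPENSSL and OPENSSL3 overlap in meaning with the `version` field stored beside them. Please document that OPENSSL here means an OpenSSL older than 3.0, since only isOpenSSL3() gets a helper and a caller comparing against Name.OPENSSL will not match OpenSSL 3. setName(Name) is public and accepts null, after which getName() returns null rather than UNKNOWN; rejecting null or mapping it to UNKNOWN would keep the getter's contract simple.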
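Review bot: the if/else chain added after `OpenSSLStatus.setVersion(OpenSSL_version_num())` in panama/OpenSSLLibrary only works because OPENSSL3 is tested before OPENSSL, which is true for both; a comment on that ordering would stop a later reorder from reporting OpenSSL 3 as OPENSSL. According to the diffstat this is the only call to setName in the patch, so any other path that initializes OpenSSLStatus leaves the name at UNKNOWN. If the value is meant to drive test skipping, as the commit message says, a check such as `Name.LIBRESSL.equals(OpenSSLStatus.getName())` will not fire there; is that intended?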
[Bug 69379] HEAD request behavior change does no adhere to RFC 9110
https://bz.apache.org/bugzilla/show_bug.cgi?id=69379
Remy Maucherat changed:
What |Removed |Added
Resolution |--- |INVALID
Status |NEW |RESOLVED
--- Comment #1 from Remy Maucherat ---
See bug 59310. The content-length for HEAD is the same as GET, which is correct. If you would like to reopen this BZ, please provide a ready to use testsuite addition that demonstrates the incorrect behavior.
(tomcat) branch main updated: Make the HEAD test more meaningful by writing actual content
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new ec885f2c68 Make the HEAD test more meaningful by writing actual content ec885f2c68 is described below commit ec885f2c6839e0cb421c4aebb92ab7f78b2dcbab Author: remm AuthorDate: Mon Oct 7 09:19:10 2024 +0200 Make the HEAD test more meaningful by writing actual content --- test/org/apache/coyote/http11/TestHttp11Processor.java | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/org/apache/coyote/http11/TestHttp11Processor.java b/test/org/apache/coyote/http11/TestHttp11Processor.java index c1fad26110..fed616435b 100644 --- a/test/org/apache/coyote/http11/TestHttp11Processor.java +++ b/test/org/apache/coyote/http11/TestHttp11Processor.java @@ -813,8 +813,8 @@ public class TestHttp11Processor extends TomcatBaseTest { Assert.assertEquals(HttpServletResponse.SC_OK, getStatus); Assert.assertEquals(HttpServletResponse.SC_OK, headStatus); -Assert.assertEquals(0, getBody.getLength()); -Assert.assertEquals(0, headBody.getLength()); +Assert.assertEquals(2, getBody.getLength()); +Assert.assertEquals(2, headBody.getLength()); if (getHeaders.containsKey("Content-Length")) { Assert.assertEquals(getHeaders.get("Content-Length"), headHeaders.get("Content-Length")); @@ -830,10 +830,12 @@ public class TestHttp11Processor extends TomcatBaseTest { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { +resp.getWriter().print("OK"); } @Override protected void doHead(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { +resp.getWriter().print("OK"); } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
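Review bot: `Assert.assertEquals(2, headBody.getLength())` in the hunk at line 813 expects the two bytes written by doHead to reach the client, but a response to HEAD carries no content, so this assertion can only pass if headBody is filled by something other than a HEAD request. Please check how headBody is fetched above this hunk. If it is a real HEAD request, the expected body length should stay 0 and only the Content-Length comparison should reflect the 2 bytes written.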
(tomcat) branch 11.0.x updated: Make the HEAD test more meaningful by writing actual content
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 4c9070b2da Make the HEAD test more meaningful by writing actual content 4c9070b2da is described below commit 4c9070b2da155f17d451b424c7a763fa12269de6 Author: remm AuthorDate: Mon Oct 7 09:19:10 2024 +0200 Make the HEAD test more meaningful by writing actual content --- test/org/apache/coyote/http11/TestHttp11Processor.java | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/org/apache/coyote/http11/TestHttp11Processor.java b/test/org/apache/coyote/http11/TestHttp11Processor.java index c1fad26110..fed616435b 100644 --- a/test/org/apache/coyote/http11/TestHttp11Processor.java +++ b/test/org/apache/coyote/http11/TestHttp11Processor.java @@ -813,8 +813,8 @@ public class TestHttp11Processor extends TomcatBaseTest { Assert.assertEquals(HttpServletResponse.SC_OK, getStatus); Assert.assertEquals(HttpServletResponse.SC_OK, headStatus); -Assert.assertEquals(0, getBody.getLength()); -Assert.assertEquals(0, headBody.getLength()); +Assert.assertEquals(2, getBody.getLength()); +Assert.assertEquals(2, headBody.getLength()); if (getHeaders.containsKey("Content-Length")) { Assert.assertEquals(getHeaders.get("Content-Length"), headHeaders.get("Content-Length")); @@ -830,10 +830,12 @@ public class TestHttp11Processor extends TomcatBaseTest { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { +resp.getWriter().print("OK"); } @Override protected void doHead(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { +resp.getWriter().print("OK"); } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
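Review bot: the header check that follows the changed assertions in the hunk at line 813 is still conditional on `getHeaders.containsKey("Content-Length")`, so when the GET response carries no Content-Length the test only asserts that HEAD lacks it too and never checks a value. Now that doGet and doHead both write a fixed "OK", the test could assert that the header is present and equal on both responses, if that is the behaviour the change is meant to pin down.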
(tomcat) branch main updated: Return null SSL session on zero length array
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new dc327dfe21 Return null SSL session on zero length array dc327dfe21 is described below commit dc327dfe21ace9e3f80ff3a0faa0a4597cf6a4a4 Author: remm AuthorDate: Mon Oct 7 11:08:31 2024 +0200 Return null SSL session on zero length array --- java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java index 059cf7750c..d4438f66f4 100644 --- a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java +++ b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java @@ -170,7 +170,7 @@ public class JSSESupport implements SSLSupport, SSLSessionManager { } // Expose ssl_session (getId) byte [] ssl_session = session.getId(); -if ( ssl_session == null) { +if (ssl_session == null || ssl_session.length == 0) { return null; } StringBuilder buf=new StringBuilder(); - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
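Review bot: the widened guard `if (ssl_session == null || ssl_session.length == 0)` at line 170 changes what callers get for an empty id (previously the code fell through to the StringBuilder path, now it returns null), but the commit touches only JSSESupport.java, so there is neither a test nor a changelog entry with it. A small unit test using a session whose getId() returns `new byte[0]` would pin the new behaviour, and the user-visible change deserves a changelog line in the same commit.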
(tomcat) branch 10.1.x updated: Make the HEAD test more meaningful by writing actual content
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 31a39a216b Make the HEAD test more meaningful by writing actual content 31a39a216b is described below commit 31a39a216b6e3f160a46e2699306444f115fba56 Author: remm AuthorDate: Mon Oct 7 09:19:10 2024 +0200 Make the HEAD test more meaningful by writing actual content --- test/org/apache/coyote/http11/TestHttp11Processor.java | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/org/apache/coyote/http11/TestHttp11Processor.java b/test/org/apache/coyote/http11/TestHttp11Processor.java index 492df00050..bd575732ea 100644 --- a/test/org/apache/coyote/http11/TestHttp11Processor.java +++ b/test/org/apache/coyote/http11/TestHttp11Processor.java @@ -813,8 +813,8 @@ public class TestHttp11Processor extends TomcatBaseTest { Assert.assertEquals(HttpServletResponse.SC_OK, getStatus); Assert.assertEquals(HttpServletResponse.SC_OK, headStatus); -Assert.assertEquals(0, getBody.getLength()); -Assert.assertEquals(0, headBody.getLength()); +Assert.assertEquals(2, getBody.getLength()); +Assert.assertEquals(2, headBody.getLength()); if (getHeaders.containsKey("Content-Length")) { Assert.assertEquals(getHeaders.get("Content-Length"), headHeaders.get("Content-Length")); @@ -830,10 +830,12 @@ public class TestHttp11Processor extends TomcatBaseTest { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { +resp.getWriter().print("OK"); } @Override protected void doHead(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { +resp.getWriter().print("OK"); } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Make the HEAD test more meaningful by writing actual content
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new c74197e034 Make the HEAD test more meaningful by writing actual content c74197e034 is described below commit c74197e03450702a7902f3b364c8547a7cfeee89 Author: remm AuthorDate: Mon Oct 7 09:19:10 2024 +0200 Make the HEAD test more meaningful by writing actual content --- .../apache/coyote/http11/TestHttp11Processor.java | 26 -- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/test/org/apache/coyote/http11/TestHttp11Processor.java b/test/org/apache/coyote/http11/TestHttp11Processor.java index d2fd86e85d..4d97532999 100644 --- a/test/org/apache/coyote/http11/TestHttp11Processor.java +++ b/test/org/apache/coyote/http11/TestHttp11Processor.java 
@@ -802,14 +802,25 @@ public class TestHttp11Processor extends TomcatBaseTest { tomcat.start(); -ByteChunk responseBody = new ByteChunk(); -Map> responseHeaders = new HashMap<>(); +ByteChunk getBody = new ByteChunk(); +Map> getHeaders = new HashMap<>(); +int getStatus = getUrl("http://localhost:"; + getPort() + "/test", getBody, getHeaders); -int rc = headUrl("http://localhost:"; + getPort() + "/test", responseBody, responseHeaders); +ByteChunk headBody = new ByteChunk(); +Map> headHeaders = new HashMap<>(); +int headStatus = getUrl("http://localhost:"; + getPort() + "/test", headBody, headHeaders); -Assert.assertEquals(HttpServletResponse.SC_OK, rc); -Assert.assertEquals(0, responseBody.getLength()); -Assert.assertFalse(responseHeaders.containsKey("Content-Length")); +Assert.assertEquals(HttpServletResponse.SC_OK, getStatus); +Assert.assertEquals(HttpServletResponse.SC_OK, headStatus); + +Assert.assertEquals(2, getBody.getLength()); +Assert.assertEquals(2, headBody.getLength()); + +if (getHeaders.containsKey("Content-Length")) { +Assert.assertEquals(getHeaders.get("Content-Length"), headHeaders.get("Content-Length")); +} else { +Assert.assertFalse(headHeaders.containsKey("Content-Length")); +} } @@ -819,11 +830,12 @@ public class TestHttp11Processor extends TomcatBaseTest { @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { -super.doGet(req, resp); +resp.getWriter().print("OK"); } @Override protected void doHead(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { +resp.getWriter().print("OK"); } } - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
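Review bot: in the hunk at line 802 the request that is supposed to be the HEAD is issued with getUrl (`int headStatus = getUrl(... + "/test", headBody, headHeaders);`) and the removed headUrl call is not replaced, so the test compares two GET responses and never exercises doHead. That is also why `Assert.assertEquals(2, headBody.getLength())` can pass. Suggest using headUrl for the second request and expecting an empty body, keeping the Content-Length comparison between the two responses.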
(tomcat) branch 11.0.x updated: Return null SSL session on zero length array
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new fd65e3c59e Return null SSL session on zero length array fd65e3c59e is described below commit fd65e3c59eaa2f2c9f507ba6ea67918d7a6e4bb2 Author: remm AuthorDate: Mon Oct 7 11:13:27 2024 +0200 Return null SSL session on zero length array --- java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 2 +- webapps/docs/changelog.xml| 8 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java index 059cf7750c..d4438f66f4 100644 --- a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java +++ b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java @@ -170,7 +170,7 @@ public class JSSESupport implements SSLSupport, SSLSessionManager { } // Expose ssl_session (getId) byte [] ssl_session = session.getId(); -if ( ssl_session == null) { +if (ssl_session == null || ssl_session.length == 0) { return null; } StringBuilder buf=new StringBuilder(); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0c68760f90..c353d0e7e5 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -125,6 +125,14 @@ + + + +Return null SSL session id on zero length byte array returned from the +SSL implementation. (remm) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
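Review bot: after the change at line 170 callers receive null in a second situation (an empty id, not only a missing one), and the only record of that in this patch is the changelog entry; the method's Javadoc is not touched. Suggest documenting the return contract on the method so that code which logs the session id or uses it as a key treats null as "no session id" and does not dereference it.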
(tomcat) branch 10.1.x updated: Return null SSL session on zero length array
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 5d13b4091c Return null SSL session on zero length array 5d13b4091c is described below commit 5d13b4091ccdcb7af17eb41bcbb8ebf7c55b793b Author: remm AuthorDate: Mon Oct 7 11:13:27 2024 +0200 Return null SSL session on zero length array --- java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 2 +- webapps/docs/changelog.xml| 8 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java index 059cf7750c..d4438f66f4 100644 --- a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java +++ b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java @@ -170,7 +170,7 @@ public class JSSESupport implements SSLSupport, SSLSessionManager { } // Expose ssl_session (getId) byte [] ssl_session = session.getId(); -if ( ssl_session == null) { +if (ssl_session == null || ssl_session.length == 0) { return null; } StringBuilder buf=new StringBuilder(); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 8e6055031d..8746cc4de4 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -125,6 +125,14 @@ + + + +Return null SSL session id on zero length byte array returned from the +SSL implementation. (remm) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Return null SSL session on zero length array
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new f5391776ef Return null SSL session on zero length array f5391776ef is described below commit f5391776efbf5d10ba57ac38700bfe77def67547 Author: remm AuthorDate: Mon Oct 7 11:13:27 2024 +0200 Return null SSL session on zero length array --- java/org/apache/tomcat/util/net/jsse/JSSESupport.java | 2 +- webapps/docs/changelog.xml| 8 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java index 75a4d21fba..be302d8547 100644 --- a/java/org/apache/tomcat/util/net/jsse/JSSESupport.java +++ b/java/org/apache/tomcat/util/net/jsse/JSSESupport.java @@ -181,7 +181,7 @@ public class JSSESupport implements SSLSupport, SSLSessionManager { } // Expose ssl_session (getId) byte [] ssl_session = session.getId(); -if ( ssl_session == null) { +if (ssl_session == null || ssl_session.length == 0) { return null; } StringBuilder buf=new StringBuilder(); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0344d8a92a..ed212655ba 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -125,6 +125,14 @@ + + + +Return null SSL session id on zero length byte array returned from the +SSL implementation. (remm) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Add changelog entry
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 2b8fde91a9 Add changelog entry 2b8fde91a9 is described below commit 2b8fde91a9bbc30f1580307294e1cafdee2a63f6 Author: remm AuthorDate: Mon Oct 7 13:01:49 2024 +0200 Add changelog entry --- webapps/docs/changelog.xml | 4 1 file changed, 4 insertions(+) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0c6348b5b6..3889e502db 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -148,6 +148,10 @@ certificateKeystorePassword attribute of a certificate. (remm) + +Return null SSL session id on zero length byte array returned from the +SSL implementation. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: OpenSSLConf is not supported by BoringSSL
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 16e64a9fb9 OpenSSLConf is not supported by BoringSSL 16e64a9fb9 is described below commit 16e64a9fb904c70a9f15e5e021bf67fb4f6b42df Author: remm AuthorDate: Mon Oct 7 13:05:10 2024 +0200 OpenSSLConf is not supported by BoringSSL --- .../util/net/openssl/panama/LocalStrings.properties | 1 + .../util/net/openssl/panama/OpenSSLContext.java | 20 webapps/docs/changelog.xml | 3 +++ 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties index af520f2115..e1c58ce12e 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties +++ b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties @@ -86,6 +86,7 @@ opensslconf.finishFailed=OpenSSLConf finish failed with result [{0}] opensslconf.noCommandName=OpenSSLConf no command name - will be ignored (command value [{0}]) opensslconf.resultCommand=OpenSSLConf command (name [{0}], value [{1}]) returned [{2}] opensslconf.unknownCommandType=SSL_CONF command [{0}] type unknown +opensslconf.unsupported=The OpenSSL implementation does not support OpenSSLConf openssllibrary.ciphersFailure=Failed getting cipher list openssllibrary.currentFIPSMode=Current FIPS mode: [{0}] diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index 29d017f496..1823fd99e9 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
@@ -174,14 +174,18 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { if (log.isTraceEnabled()) { log.trace(sm.getString("openssl.makeConf")); } -confCtx = SSL_CONF_CTX_new(); -if (MemorySegment.NULL.equals(confCtx)) { -throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError())); +if (!openssl_h_Compatibility.BORINGSSL) { +confCtx = SSL_CONF_CTX_new(); +if (MemorySegment.NULL.equals(confCtx)) { +throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError())); +} +SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() | +SSL_CONF_FLAG_SERVER() | +SSL_CONF_FLAG_CERTIFICATE() | +SSL_CONF_FLAG_SHOW_ERRORS()); +} else { +log.error(sm.getString("opensslconf.unsupported")); } -SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() | -SSL_CONF_FLAG_SERVER() | -SSL_CONF_FLAG_CERTIFICATE() | -SSL_CONF_FLAG_SHOW_ERRORS()); } // SSL protocol @@ -1396,7 +1400,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { this.confCtx = confCtx.reinterpret(ValueLayout.ADDRESS.byteSize(), stateArena, (MemorySegment t) -> SSL_CONF_CTX_free(t)); } else { -this.confCtx = null; +this.confCtx = MemorySegment.NULL; } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index ed212655ba..b374b15c7f 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -131,6 +131,9 @@ Return null SSL session id on zero length byte array returned from the SSL implementation. (remm) + +Skip OpenSSLConf with BoringSSL since it is unsupported. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
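Review bot: in the hunk at line 174 the BoringSSL branch only logs `opensslconf.unsupported` and then continues, so a connector whose OpenSSLConf carries hardening commands starts without them and the only trace is one log line that does not name the host or the skipped commands. Consider failing context creation here, as the neighbouring branch does with `throw new SSLException(...)`, or at least include the affected commands in the message so operators can see which settings were dropped.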
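Review bot: the hunk at line 1396 switches the "no configuration" value from `null` to `MemorySegment.NULL`, which changes how every reader of this field must test for absence. Any remaining `confCtx != null` check now passes for the empty case and would hand a NULL segment to the SSL_CONF_* calls. Please confirm all users compare with `MemorySegment.NULL.equals(confCtx)`, as the hunk at line 174 does, and note the convention in a comment on the field.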
(tomcat) branch 10.1.x updated: Skip tests for some OpenSSL derivatives
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 1466acb8a4 Skip tests for some OpenSSL derivatives 1466acb8a4 is described below commit 1466acb8a4beb695d3d41a145ec4854e1324e1b8 Author: remm AuthorDate: Mon Oct 7 13:30:30 2024 +0200 Skip tests for some OpenSSL derivatives --- test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 7 +++ test/org/apache/tomcat/util/net/TestClientCert.java | 12 test/org/apache/tomcat/util/net/TestClientCertTls13.java | 7 +++ .../apache/tomcat/util/net/TestCustomSslTrustManager.java| 7 +++ test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java | 5 + test/org/apache/tomcat/util/net/TestSsl.java | 6 ++ test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java | 3 +++ 7 files changed, 47 insertions(+) diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java index 0fcecf1f4b..8e15f79627 100644 --- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java +++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java @@ -44,6 +44,7 @@ import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.TesterSupport; import org.apache.tomcat.util.net.openssl.OpenSSLImplementation; +import org.apache.tomcat.util.net.openssl.OpenSSLStatus; @RunWith(Parameterized.class) public class TestResolverSSL extends TomcatBaseTest { 
@@ -82,6 +83,12 @@ public class TestResolverSSL extends TomcatBaseTest { sslHostConfig.setSessionCacheSize(20 * 1024); tomcat.start(); + +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + ByteChunk res = getUrl("https://localhost:"; + getPort() + "/protected"); // Just look a bit at the result System.out.println(res.toString()); diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java b/test/org/apache/tomcat/util/net/TestClientCert.java index eeabba688c..2ff237aac3 100644 --- a/test/org/apache/tomcat/util/net/TestClientCert.java +++ b/test/org/apache/tomcat/util/net/TestClientCert.java @@ -22,6 +22,7 @@ import java.util.Collection; import java.util.List; import org.junit.Assert; +import org.junit.Assume; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; @@ -31,6 +32,7 @@ import org.apache.catalina.Context; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.net.openssl.OpenSSLStatus; /** * The keys and certificates used in this file are all available in svn and were @@ -84,6 +86,11 @@ public class TestClientCert extends TomcatBaseTest { getTomcatInstance().start(); +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + // Unprotected resource ByteChunk res = getUrl("https://localhost:"; + getPort() + "/unprotected"); 
@@ -156,6 +163,11 @@ public class TestClientCert extends TomcatBaseTest { Tomcat tomcat = getTomcatInstance(); tomcat.start(); +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + byte[] body = new byte[bodySize]; Arrays.fill(body, TesterSupport.DATA); diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java b/test/org/apache/tomcat/util/net/TestClientCertTls13.java index 5f8555b1c8..d74e2e8f87 100644 --- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java +++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java @@ -79,6 +79,10 @@ public class TestClientCertTls13 extends TomcatBaseTest { public void testClientCertGet() throws Exception { Tomcat tomcat = getTomcatInstance(); tomcat.start(); + +Assume.assumeFalse("LibreSSL does not allow PHA", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); + ByteChunk res = getUrl("https://localhost:"; + getPort() + "/protected
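Review bot: the same pair of `Assume.assumeFalse(...)` calls is pasted into TestResolverSSL and twice into TestClientCert, with slightly different wording between the two messages ("does not allow renegotiation" for LibreSSL, "does not allow TLS renegotiation" for BoringSSL). A single helper in the test support code that takes the feature name and checks OpenSSLStatus.getName() would keep the skip conditions in one place and make it easy to extend when another variant is identified.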
(tomcat) branch 11.0.x updated: Skip tests for some OpenSSL derivatives
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new e19ff3e04b Skip tests for some OpenSSL derivatives e19ff3e04b is described below commit e19ff3e04b78239b53a2f258b200cfec54ede443 Author: remm AuthorDate: Mon Oct 7 13:30:30 2024 +0200 Skip tests for some OpenSSL derivatives --- test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 7 +++ test/org/apache/tomcat/util/net/TestClientCert.java | 12 test/org/apache/tomcat/util/net/TestClientCertTls13.java | 7 +++ .../apache/tomcat/util/net/TestCustomSslTrustManager.java| 7 +++ test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java | 5 + test/org/apache/tomcat/util/net/TestSsl.java | 6 ++ test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java | 3 +++ 7 files changed, 47 insertions(+) diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java index 0fcecf1f4b..8e15f79627 100644 --- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java +++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java @@ -44,6 +44,7 @@ import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.TesterSupport; import org.apache.tomcat.util.net.openssl.OpenSSLImplementation; +import org.apache.tomcat.util.net.openssl.OpenSSLStatus; @RunWith(Parameterized.class) public class TestResolverSSL extends TomcatBaseTest { 
@@ -82,6 +83,12 @@ public class TestResolverSSL extends TomcatBaseTest { sslHostConfig.setSessionCacheSize(20 * 1024); tomcat.start(); + +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + ByteChunk res = getUrl("https://localhost:"; + getPort() + "/protected"); // Just look a bit at the result System.out.println(res.toString()); diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java b/test/org/apache/tomcat/util/net/TestClientCert.java index eeabba688c..2ff237aac3 100644 --- a/test/org/apache/tomcat/util/net/TestClientCert.java +++ b/test/org/apache/tomcat/util/net/TestClientCert.java @@ -22,6 +22,7 @@ import java.util.Collection; import java.util.List; import org.junit.Assert; +import org.junit.Assume; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; @@ -31,6 +32,7 @@ import org.apache.catalina.Context; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.net.openssl.OpenSSLStatus; /** * The keys and certificates used in this file are all available in svn and were @@ -84,6 +86,11 @@ public class TestClientCert extends TomcatBaseTest { getTomcatInstance().start(); +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + // Unprotected resource ByteChunk res = getUrl("https://localhost:"; + getPort() + "/unprotected"); 
@@ -156,6 +163,11 @@ public class TestClientCert extends TomcatBaseTest { Tomcat tomcat = getTomcatInstance(); tomcat.start(); +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + byte[] body = new byte[bodySize]; Arrays.fill(body, TesterSupport.DATA); diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java b/test/org/apache/tomcat/util/net/TestClientCertTls13.java index 5f8555b1c8..d74e2e8f87 100644 --- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java +++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java @@ -79,6 +79,10 @@ public class TestClientCertTls13 extends TomcatBaseTest { public void testClientCertGet() throws Exception { Tomcat tomcat = getTomcatInstance(); tomcat.start(); + +Assume.assumeFalse("LibreSSL does not allow PHA", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); + ByteChunk res = getUrl("https://localhost:"; + getPort() + "/protected
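Review bot: every added Assume block sits after `tomcat.start()` or `getTomcatInstance().start()` (TestResolverSSL at line 83, TestClientCert at lines 86 and 163, TestClientCertTls13 at line 79), so the server is started before the test is skipped. If that order is needed because OpenSSLStatus.getName() is only meaningful once the library has been initialized, a short comment should say so. Note also that a name of UNKNOWN passes both assumptions, so the renegotiation tests still run when the variant was not identified.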
(tomcat) branch 9.0.x updated: Skip tests for some OpenSSL derivatives
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 97d1d909e4 Skip tests for some OpenSSL derivatives 97d1d909e4 is described below commit 97d1d909e407ee783ee69d0a3dc5e5b00b3aadfd Author: remm AuthorDate: Mon Oct 7 13:30:30 2024 +0200 Skip tests for some OpenSSL derivatives --- test/org/apache/catalina/valves/rewrite/TestResolverSSL.java | 7 +++ test/org/apache/tomcat/util/net/TestClientCert.java | 12 test/org/apache/tomcat/util/net/TestClientCertTls13.java | 7 +++ .../apache/tomcat/util/net/TestCustomSslTrustManager.java| 7 +++ test/org/apache/tomcat/util/net/TestSSLHostConfigCompat.java | 5 + test/org/apache/tomcat/util/net/TestSsl.java | 6 ++ test/org/apache/tomcat/util/net/openssl/TestOpenSSLConf.java | 3 +++ 7 files changed, 47 insertions(+) diff --git a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java index c9374260f5..7b2c7a095b 100644 --- a/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java +++ b/test/org/apache/catalina/valves/rewrite/TestResolverSSL.java @@ -44,6 +44,7 @@ import org.apache.tomcat.util.buf.ByteChunk; import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.TesterSupport; import org.apache.tomcat.util.net.openssl.OpenSSLImplementation; +import org.apache.tomcat.util.net.openssl.OpenSSLStatus; @RunWith(Parameterized.class) public class TestResolverSSL extends TomcatBaseTest { 
@@ -82,6 +83,12 @@ public class TestResolverSSL extends TomcatBaseTest { sslHostConfig.setSessionCacheSize(20 * 1024); tomcat.start(); + +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + ByteChunk res = getUrl("https://localhost:"; + getPort() + "/protected"); // Just look a bit at the result System.out.println(res.toString()); diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java b/test/org/apache/tomcat/util/net/TestClientCert.java index eeabba688c..2ff237aac3 100644 --- a/test/org/apache/tomcat/util/net/TestClientCert.java +++ b/test/org/apache/tomcat/util/net/TestClientCert.java @@ -22,6 +22,7 @@ import java.util.Collection; import java.util.List; import org.junit.Assert; +import org.junit.Assume; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; @@ -31,6 +32,7 @@ import org.apache.catalina.Context; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.TomcatBaseTest; import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.net.openssl.OpenSSLStatus; /** * The keys and certificates used in this file are all available in svn and were @@ -84,6 +86,11 @@ public class TestClientCert extends TomcatBaseTest { getTomcatInstance().start(); +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + // Unprotected resource ByteChunk res = getUrl("https://localhost:"; + getPort() + "/unprotected"); 
@@ -156,6 +163,11 @@ public class TestClientCert extends TomcatBaseTest { Tomcat tomcat = getTomcatInstance(); tomcat.start(); +Assume.assumeFalse("LibreSSL does not allow renegotiation", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); +Assume.assumeFalse("BoringSSL does not allow TLS renegotiation", +OpenSSLStatus.Name.BORINGSSL.equals(OpenSSLStatus.getName())); + byte[] body = new byte[bodySize]; Arrays.fill(body, TesterSupport.DATA); diff --git a/test/org/apache/tomcat/util/net/TestClientCertTls13.java b/test/org/apache/tomcat/util/net/TestClientCertTls13.java index 5f8555b1c8..d74e2e8f87 100644 --- a/test/org/apache/tomcat/util/net/TestClientCertTls13.java +++ b/test/org/apache/tomcat/util/net/TestClientCertTls13.java @@ -79,6 +79,10 @@ public class TestClientCertTls13 extends TomcatBaseTest { public void testClientCertGet() throws Exception { Tomcat tomcat = getTomcatInstance(); tomcat.start(); + +Assume.assumeFalse("LibreSSL does not allow PHA", +OpenSSLStatus.Name.LIBRESSL.equals(OpenSSLStatus.getName())); + ByteChunk res = getUrl("https://localhost:"; + getPort() + "/protected")
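Review bot: The TestClientCertTls13.java hunk (@@ -79,6 +79,10) starts at the same line on both sides, so this patch adds no import lines above it in that file, unlike TestClientCert.java, which gains imports for org.junit.Assume and org.apache.tomcat.util.net.openssl.OpenSSLStatus. Please confirm both are already imported in TestClientCertTls13 on this branch, otherwise the new Assume.assumeFalse("LibreSSL does not allow PHA", ...) call will not compile. Separately, the LibreSSL/BoringSSL renegotiation pair is repeated verbatim in three places; a single helper (for example in TesterSupport, which TestResolverSSL already imports) would keep the messages and the list of excluded libraries in one spot.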
Re: [VOTE] Release Apache Tomcat 11.0.0
On 3 October 2024 19:58:13 CEST, Mark Thomas wrote:
>The proposed Apache Tomcat 11.0.0 release is now available for voting.
>
>The notable changes compared to 11.0.0-M26 include:
>
>- Multiple fixes and improvements for WebDAV
>- Improvements to the recently added request/response recycling for
>  HTTP/2
>- Improve the stability of Tomcat Native during GC
>
>For full details, see the change log:
>https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
>
>Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
>without changes. Java EE applications designed for Tomcat 9 and earlier may be
>placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will
>automatically convert them to Jakarta EE and copy them to the webapps
>directory. Applications using deprecated APIs may require further changes.
>
>It can be obtained from:
>https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0/
>
>The Maven staging repo is:
>https://repository.apache.org/content/repositories/orgapachetomcat-1517
>
>The tag is:
>https://github.com/apache/tomcat/tree/11.0.0
>56e547d387ab49f688c93fe9ca082b1b5d94deed
>
>The proposed 11.0.0 release is:
>[ ] -1 Broken - do not release
>[X] +1 Stable - go ahead and release as 11.0.0

+1 for stable.

Thanks for RM

Felix
[Bug 69380] Tomcat 8.5.100 Core Binary Distrubution software download links are broken
https://bz.apache.org/bugzilla/show_bug.cgi?id=69380

Remy Maucherat changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #1 from Remy Maucherat ---
Since Tomcat 8.5 is now EOL, downloads were taken down. It is still
available in the archive (Download -> Archives).

--
You are receiving this mail because:
You are the assignee for the bug.
Re: [VOTE] Release Apache Tomcat 10.1.31
On 3 October 2024 23:35:50 CEST, Christopher Schultz wrote:
>The proposed Apache Tomcat 10.1.31 release is now available for
>voting.
>
>All committers and PMC members are kindly requested to provide a vote if
>possible. ANY TOMCAT USER MAY VOTE, though only PMC members' votes are binding.
>We welcome non-committer votes or comments on release builds.
>
>The notable changes compared to 10.1.30 are:
>
>- Multiple fixes and improvements for WebDAV
>- Improvements to the recently added request/response recycling for
>  HTTP/2
>- Improve the stability of Tomcat Native during GC
>
>For full details, see the change log:
>https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
>Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
>without changes. Java EE applications designed for Tomcat 9 and earlier may be
>placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will
>automatically convert them to Jakarta EE and copy them to the webapps
>directory.
>
>It can be obtained from:
>https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.31/
>
>The Maven staging repo is:
>https://repository.apache.org/content/repositories/orgapachetomcat-1518
>
>The tag is:
>https://github.com/apache/tomcat/tree/10.1.31
>https://github.com/apache/tomcat/commit/b07cda9f3cc385f6f2d6c0701a050317979745dc
>
>Please reply with a +1 for release or +0/-0/-1 with an explanation.

+1

Tests pass inside a Debian docker image with tcnative 2.0.8 and openssl 3.3.2.

Thanks for RM

Felix
(tomcat) branch main updated: OpenSSLConf is not supported by BoringSSL
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 8af10eb85f OpenSSLConf is not supported by BoringSSL 8af10eb85f is described below commit 8af10eb85f311a58de5ce68317d40211d62095bf Author: remm AuthorDate: Mon Oct 7 13:05:10 2024 +0200 OpenSSLConf is not supported by BoringSSL --- .../util/net/openssl/panama/LocalStrings.properties | 1 + .../util/net/openssl/panama/OpenSSLContext.java | 20 webapps/docs/changelog.xml | 3 +++ 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties index dc6294ff28..7cc6531ec7 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties +++ b/java/org/apache/tomcat/util/net/openssl/panama/LocalStrings.properties @@ -83,6 +83,7 @@ opensslconf.finishFailed=OpenSSLConf finish failed with result [{0}] opensslconf.noCommandName=OpenSSLConf no command name - will be ignored (command value [{0}]) opensslconf.resultCommand=OpenSSLConf command (name [{0}], value [{1}]) returned [{2}] opensslconf.unknownCommandType=SSL_CONF command [{0}] type unknown +opensslconf.unsupported=The OpenSSL implementation does not support OpenSSLConf openssllibrary.ciphersFailure=Failed getting cipher list openssllibrary.currentFIPSMode=Current FIPS mode: [{0}] diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index 29d017f496..1823fd99e9 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java 
@@ -174,14 +174,18 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { if (log.isTraceEnabled()) { log.trace(sm.getString("openssl.makeConf")); } -confCtx = SSL_CONF_CTX_new(); -if (MemorySegment.NULL.equals(confCtx)) { -throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError())); +if (!openssl_h_Compatibility.BORINGSSL) { +confCtx = SSL_CONF_CTX_new(); +if (MemorySegment.NULL.equals(confCtx)) { +throw new SSLException(sm.getString("openssl.errMakeConf", OpenSSLLibrary.getLastError())); +} +SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() | +SSL_CONF_FLAG_SERVER() | +SSL_CONF_FLAG_CERTIFICATE() | +SSL_CONF_FLAG_SHOW_ERRORS()); +} else { +log.error(sm.getString("opensslconf.unsupported")); } -SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() | -SSL_CONF_FLAG_SERVER() | -SSL_CONF_FLAG_CERTIFICATE() | -SSL_CONF_FLAG_SHOW_ERRORS()); } // SSL protocol @@ -1396,7 +1400,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { this.confCtx = confCtx.reinterpret(ValueLayout.ADDRESS.byteSize(), stateArena, (MemorySegment t) -> SSL_CONF_CTX_free(t)); } else { -this.confCtx = null; +this.confCtx = MemorySegment.NULL; } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3889e502db..e84918a8e5 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -152,6 +152,9 @@ Return null SSL session id on zero length byte array returned from the SSL implementation. (remm) + +Skip OpenSSLConf with BoringSSL since it is unsupported. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
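Review bot: In the first OpenSSLContext.java hunk, the BoringSSL branch only calls log.error(sm.getString("opensslconf.unsupported")) and then continues, so every OpenSSLConf command the administrator configured is dropped while the connector still starts. Suggest either failing context creation or naming the skipped commands in the message, so that a setting someone relied on does not disappear behind one generic log line. Also, the last hunk changes the fallback from this.confCtx = null to MemorySegment.NULL: any remaining confCtx != null test on that field would now succeed for an absent context and should become a MemorySegment.NULL.equals(...) check, and it would help to add a comment at the field stating that NULL means "no SSL_CONF context".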
(tomcat) branch 11.0.x updated: Align buffer use pattern with the FFM code
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 2a13740f70 Align buffer use pattern with the FFM code 2a13740f70 is described below commit 2a13740f706650515c5e3778b842077db117aa45 Author: remm AuthorDate: Mon Oct 7 15:01:46 2024 +0200 Align buffer use pattern with the FFM code This uses 18KB of memory per connection. --- java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 10 ++ webapps/docs/changelog.xml | 4 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java index 99bd981944..890d473374 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java @@ -136,6 +136,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn private final OpenSSLState state; private final Cleanable cleanable; +private ByteBuffer buf = ByteBuffer.allocateDirect(MAX_ENCRYPTED_PACKET_LENGTH); private enum Accepted { NOT, IMPLICIT, EXPLICIT } private Accepted accepted = Accepted.NOT; @@ -225,6 +226,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn cleanable.clean(); // internal errors can cause shutdown without marking the engine closed isInboundDone = isOutboundDone = engineClosed = true; +ByteBufferUtils.cleanDirectBuffer(buf); } } @@ -252,7 +254,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn return sslWrote; } } else { -ByteBuffer buf = ByteBuffer.allocateDirect(len); try { final long addr = Buffer.address(buf); @@ -273,7 +274,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } } finally { buf.clear(); -ByteBufferUtils.cleanDirectBuffer(buf); } } 
@@ -300,7 +300,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn return netWrote; } } else { -ByteBuffer buf = ByteBuffer.allocateDirect(len); try { final long addr = Buffer.address(buf); @@ -318,7 +317,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } } finally { buf.clear(); -ByteBufferUtils.cleanDirectBuffer(buf); } } @@ -346,7 +344,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn final int pos = dst.position(); final int limit = dst.limit(); final int len = Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - pos); -final ByteBuffer buf = ByteBuffer.allocateDirect(len); try { final long addr = Buffer.address(buf); @@ -362,7 +359,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } } finally { buf.clear(); -ByteBufferUtils.cleanDirectBuffer(buf); } } @@ -386,7 +382,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn checkLastError(); } } else { -final ByteBuffer buf = ByteBuffer.allocateDirect(pending); try { final long addr = Buffer.address(buf); @@ -403,7 +398,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } } finally { buf.clear(); -ByteBufferUtils.cleanDirectBuffer(buf); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index e95416ec92..06bdfefdc6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -134,6 +134,10 @@ Skip OpenSSLConf with BoringSSL since it is unsupported. (remm) + +Align buffer reuse of the OpenSSLEngine for tomcat-native with the FFM +code. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
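Review bot: In the hunk at -386 the removed allocation was sized by pending, and the shared field that replaces it has a fixed capacity of MAX_ENCRYPTED_PACKET_LENGTH; unlike the -346 hunk, where len is clamped with Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - pos), no bound on pending is visible, so a native transfer of pending bytes through Buffer.address(buf) could run past the buffer. Suggest checking pending, and the len used in the -252 and -300 hunks, against buf.capacity() before the native call. Two further points on the shared buffer: it is released with ByteBufferUtils.cleanDirectBuffer(buf) in the shutdown path while the field is neither final nor cleared, so any later call that reaches Buffer.address(buf) would touch freed memory; and buf.clear() only resets position and limit, so record data now stays in the buffer between calls for the lifetime of the engine, which deserves a note next to the "18KB of memory per connection" remark.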
[Bug 69380] New: Tomcat 8.5.100 Core Binary Distrubution software download links are broken
https://bz.apache.org/bugzilla/show_bug.cgi?id=69380

Bug ID: 69380
Summary: Tomcat 8.5.100 Core Binary Distrubution software download links are broken
Product: Tomcat Connectors
Version: unspecified
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: Common
Assignee: dev@tomcat.apache.org
Reporter: jb5...@att.com
Target Milestone: ---

Greetings,

The links to download Tomcat 8.5.100 on the tomcat 8 software downloads page are broken. It wasn't clear how to report issues with the downloads so I am filing this report in hopes that it can get to someone who will be able to fix the broken links.

Tomcat 8 Software Downloads:
https://tomcat.apache.org/download-80.cgi

broken link to zip Core binary distribution:
https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.100/bin/apache-tomcat-8.5.100.zip

broken Link to tar.gz Core binary distribution:
https://dlcdn.apache.org/tomcat/tomcat-8/v8.5.100/bin/apache-tomcat-8.5.100.tar.gz

Please note: We realize this Tomcat 8 is no longer supported, we are looking to download this archived version in order to support a legacy application which is incompatible with tomcat 9+ and has a security vulnerability in the currently deployed tomcat 8 version.

Thanks in advance for any assistance you can provide with this issue!

Jim Beasley
AT&T
Re: [VOTE] Release Apache Tomcat 11.0.0
On 03.10.24 at 19:58, Mark Thomas wrote:
> The proposed Apache Tomcat 11.0.0 release is now available for voting.
>
> The notable changes compared to 11.0.0-M26 include:
>
> - Multiple fixes and improvements for WebDAV
> - Improvements to the recently added request/response recycling for HTTP/2
> - Improve the stability of Tomcat Native during GC
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. Applications using deprecated APIs may require further changes.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1517
>
> The tag is:
> https://github.com/apache/tomcat/tree/11.0.0
> 56e547d387ab49f688c93fe9ca082b1b5d94deed
>
> The proposed 11.0.0 release is:
> [ ] -1 Broken - do not release
> [X] +1 Stable - go ahead and release as 11.0.0

+1 and Congrats to 11.0.0 GA!

Tested on platforms

- RHEL 6, 7, 8 and 9, SLES 11, 12 and 15

using

- JDK 17, 21, 23 and 24 (current EA)

from

- Eclipse Adoptium, Azul Zulu, Amazon Corretto, Oracle, RedHat and OpenJDK (for the EA)

where available. Also tested with

- tcnative 1.3.1, tcnative 2.0.8 and panama

based on

- OpenSSL 3.0.15, 3.1.7, 3.2.3, 3.3.2 and 3.4.0alpha1.

All fine, except for the usual sporadic crashes with tcnative during shutdown and also the known bunch of test failures with JDK 24. Of course JDK 24 EA problems are not a showstopper in any way.

The new failure for TestHostManagerWebapp was fixed by Remy in the test class. It is a new test and the failure in my setup does not indicate a problem for the tested code.

Thanks for RM!

Best regards,

Rainer
Re: [VOTE] Release Apache Tomcat 10.1.31
On 03.10.24 at 23:35, Christopher Schultz wrote:
> The proposed Apache Tomcat 10.1.31 release is now available for voting.
>
> All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members' votes are binding. We welcome non-committer votes or comments on release builds.
>
> The notable changes compared to 10.1.30 are:
>
> - Multiple fixes and improvements for WebDAV
> - Improvements to the recently added request/response recycling for HTTP/2
> - Improve the stability of Tomcat Native during GC
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.31/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1518
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.31
> https://github.com/apache/tomcat/commit/b07cda9f3cc385f6f2d6c0701a050317979745dc
>
> Please reply with a +1 for release or +0/-0/-1 with an explanation.

+1

Tested on platforms

- RHEL 6, 7, 8 and 9, SLES 11, 12 and 15, Solaris 11 Sparc

using

- JDK 11, 17, 21, 23 and 24 (current EA)

from

- Eclipse Adoptium, Azul Zulu, Amazon Corretto, Oracle, RedHat and OpenJDK (for the EA)

where available. Also tested with

- tcnative 1.3.1, tcnative 2.0.8 and panama

based on

- OpenSSL 3.0.15, 3.1.7, 3.2.3, 3.3.2 and 3.4.0alpha1.

All fine, except for the usual sporadic crashes with tcnative during shutdown and also the known bunch of test failures with JDK 24. Of course JDK 24 EA problems are not a showstopper in any way.

The new failure for TestHostManagerWebapp was fixed by Remy in the test class. It is a new test and the failure in my setup does not indicate a problem for the tested code.

Thanks for RM!

Best regards,

Rainer
Re: [VOTE] Release Apache Tomcat 9.0.96
On 03.10.24 at 22:32, Rémy Maucherat wrote:
> The proposed Apache Tomcat 9.0.96 release is now available for voting.
>
> The notable changes compared to 9.0.95 are:
>
> - Multiple fixes and improvements for WebDAV.
> - Improvements to the recently added request/response recycling for HTTP/2.
> - Improve the stability of Tomcat Native during GC.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.96/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1519
>
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.96
> 7ecea31658766b7d0ce7fee5a34564b67c68e789
>
> The proposed 9.0.96 release is:
> [ ] -1, Broken - do not release
> [X] +1, Stable - go ahead and release as 9.0.96

+1

Tested on platforms

- RHEL 6, 7, 8 and 9, SLES 11, 12 and 15, Solaris 10+11 Sparc

using

- JDK 1.8.0, 11, 17, 21, 23 and 24 (current EA)

from

- Eclipse Adoptium, Azul Zulu, Amazon Corretto, Oracle, RedHat and OpenJDK (for the EA)

where available. Also tested with

- tcnative 1.3.1, tcnative 2.0.8 and panama

based on

- OpenSSL 3.0.15, 3.1.7, 3.2.3, 3.3.2 and 3.4.0alpha1.

All fine, except for the usual sporadic crashes with tcnative during shutdown and also the known bunch of test failures with JDK 24. Of course JDK 24 EA problems are not a showstopper in any way.

The new failure for TestHostManagerWebapp was fixed by you (thanks) in the test class. It is a new test and the failure in my setup does not indicate a problem for the tested code.

Thanks for RM!

Best regards,

Rainer
(tomcat) branch 11.0.x updated: Add release date for 11.0.0-M26
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new f7c9443b1f Add release date for 11.0.0-M26 f7c9443b1f is described below commit f7c9443b1f904ac7385e450a65940d923a998ea4 Author: Rainer Jung AuthorDate: Mon Oct 7 16:01:52 2024 +0200 Add release date for 11.0.0-M26 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 06bdfefdc6..e44844841a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -299,7 +299,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Add release date for 9.0.95
This is an automated email from the ASF dual-hosted git repository. rjung pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new a0b90c8243 Add release date for 9.0.95 a0b90c8243 is described below commit a0b90c8243a27fc428e96bcbde205825d9cdf131 Author: Rainer Jung AuthorDate: Mon Oct 7 16:03:34 2024 +0200 Add release date for 9.0.95 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b374b15c7f..ba1cacb9e6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -283,7 +283,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69381] New: Excess object copying while evaluating reflective method calls
https://bz.apache.org/bugzilla/show_bug.cgi?id=69381

Bug ID: 69381
Summary: Excess object copying while evaluating reflective method calls
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: EL
Assignee: dev@tomcat.apache.org
Reporter: jeng...@amazon.com
Target Milestone: -

Evaluating JSP EL expressions with reflective operations ("${beanA.getBean()}") is slow because the reflective objects are copied on each execution. Specifically, javax.el.Util.findMethod() calls java.lang.Class.getMethods(). In OpenJDK, getMethods() makes a call to duplicate the source-of-truth array.

From OpenJDK source:

    return copyMethods(privateGetPublicMethods());

An easy optimization would be to store the array in a ConcurrentHashMap for later reuse; I'm not certain whether there are ways to use Class.getMethod() to more specifically retrieve the targeted Method.

A local benchmark based on TestELParserPerformance shows that a ConcurrentHashMap accelerates this expression 50% (from 1070ns to 500ns) and reduces memory allocation by 75% (from 248MB to 64MB).

Static ConcurrentHashMaps have disadvantages, but this is a large impact, especially on objects with many methods. The benchmark numbers above featured 8 Methods but tests with larger objects confirm a linear increase in memory allocation and a sub-linear increase in runtime.
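The caching idea from the report above, as an added example that is neither part of the bug report nor Tomcat code. It swaps the ConcurrentHashMap the reporter mentions for java.lang.ClassValue, which is intended to let cached entries go away with their class; PublicMethodCache, candidates() and BeanA are hypothetical names.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;

/**
 * Hypothetical helper (not Tomcat code): keeps one Class.getMethods() result per
 * class so repeated EL-style lookups do not trigger a fresh copy on every call.
 */
public final class PublicMethodCache {

    // ClassValue associates the array with the Class object itself. A static map
    // keyed by Class would instead keep web application classes (and their class
    // loader) reachable after undeploy unless entries were removed explicitly.
    private static final ClassValue<Method[]> PUBLIC_METHODS = new ClassValue<Method[]>() {
        @Override
        protected Method[] computeValue(Class<?> type) {
            return type.getMethods(); // the only copy made for this class
        }
    };

    private PublicMethodCache() {
    }

    /**
     * Returns the public methods of type with the given name that can take
     * argCount arguments. The cached array itself is never handed out: arrays
     * are mutable, which is the reason the JDK copies on each getMethods() call.
     * The Method objects are shared, so callers must not call setAccessible()
     * on them; that change would be visible to every later lookup.
     */
    public static List<Method> candidates(Class<?> type, String name, int argCount) {
        List<Method> matches = new ArrayList<>();
        for (Method m : PUBLIC_METHODS.get(type)) {
            if (!m.getName().equals(name)) {
                continue;
            }
            int declared = m.getParameterCount();
            boolean arityMatches = declared == argCount
                    || (m.isVarArgs() && argCount >= declared - 1);
            if (arityMatches) {
                matches.add(m);
            }
        }
        return matches;
    }

    /** Constructed sample bean standing in for "beanA" from the report. */
    public static class BeanA {
        public String getBean() {
            return "beanB";
        }

        public String format(String pattern, Object... args) {
            return String.format(pattern, args);
        }
    }

    public static void main(String[] args) throws Exception {
        BeanA bean = new BeanA();

        // The first lookup fills the cache; the second reuses the same array.
        List<Method> first = candidates(BeanA.class, "getBean", 0);
        List<Method> second = candidates(BeanA.class, "getBean", 0);
        System.out.println("getBean() -> " + first.get(0).invoke(bean));
        System.out.println("cached Method instance reused: " + (first.get(0) == second.get(0)));

        // Going through Class directly returns a new Method copy on each call.
        Method a = BeanA.class.getMethod("getBean");
        Method b = BeanA.class.getMethod("getBean");
        System.out.println("uncached instances identical: " + (a == b));

        // Varargs arity: format(String, Object...) accepts one or more arguments.
        System.out.println("format candidates for 3 args: "
                + candidates(BeanA.class, "format", 3).size());
    }
}
```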
[Bug 69380] Tomcat 8.5.100 Core Binary Distrubution software download links are broken
https://bz.apache.org/bugzilla/show_bug.cgi?id=69380

--- Comment #2 from Michael Osipov ---
(In reply to Remy Maucherat from comment #1)
> Since Tomcat 8.5 is now EOL, downloads were taken down. It is still
> available in the archive (Download -> Archives).

But this does not free us from removing dead links. Just not correct to still have them.
[Bug 69380] Tomcat 8.5.100 Core Binary Distrubution software download links are broken
https://bz.apache.org/bugzilla/show_bug.cgi?id=69380

--- Comment #3 from Chuck Caldarale ---
I don't see any dead links to the EOL versions on the Tomcat home page, although there is one on the "Older news" page - but not for the 8.5.100 version. The OP may well have had the reported links squirreled away somewhere.
Re: Playing with 103 Early Hints
All,

On 10/7/24 16:52, Christopher Schultz wrote:
> All,
>
> I thought it might be "fun" to play around with 103 Early Hints, which is a feature with support added in servlet.next which means Tomcat 12.
>
> It can be used currently with Tomcat 9.0 and later, as long as you are willing to downcast the HttpServletResponse to a Tomcat-private class and you can make a call to Response.sendEarlyHints.
>
> It occurs to me that we (Tomcat) could make it easier for applications to use this feature by providing something like a Filter that would use Tomcat internal libraries, but insulate the application from such ugliness.
>
> I have two ideas for how this would be implemented:
>
> 1. A new Filter dedicated to (a) setting Link headers and (b) calling sendEarlyHints
>
> 2. As an option for the RewriteValve value, e.g. as a flag
>
> I wrote a quick implementation of (1) above and it occurred to me that it was pretty trivial, so I came up with idea (2) above as maybe a way to add a feature to an existing component rather than building a new one.
>
> When I started looking at the changes required for (2), it seems to me that the only thing that made any sense would be to do the following:
>
> RewriteRule .*\.jsp $0 [SEH]
>
> The "SEH" is a proposed "Send Early Hints" flag which would invoke the response.sendEarlyHints method which sends a 103 Early Hints response and then proceeds with the rewrite/request.
>
> I've decided that I don't really like (2) because you have to configure a useless rewrite operation just to add the SEH flag. Also, RewriteValve doesn't help you with the Link headers so you are back to writing a Filter and then arranging to have that Filter run *before* RewriteValve which ... could be a problem for you.
>
> So I think I'm going to pursue option (1) above, looking at doing something like I have below.
>
> Comments welcome and encouraged.
>
> -chris
>
> === CUT ===
> package org.apache.catalina.filters;
>
> import java.io.IOException;
> import java.util.ArrayList;
> import java.util.Enumeration;
>
> import jakarta.servlet.Filter;
> import jakarta.servlet.FilterChain;
> import jakarta.servlet.FilterConfig;
> import jakarta.servlet.ServletException;
> import jakarta.servlet.ServletRequest;
> import jakarta.servlet.ServletResponse;
> import jakarta.servlet.http.HttpServletResponse;
>
> /**
>  * A Filter that adds a series of
>  */
> public class EarlyHintsFilter implements Filter {
>     private final ArrayList<String> hints = new ArrayList<String>();
>
>     @Override
>     public void init(FilterConfig config) throws ServletException {
>         Enumeration<String> paramNames = config.getInitParameterNames();
>         while(paramNames.hasMoreElements()) {
>             String name = paramNames.nextElement();
>             hints.add(config.getInitParameter(name));
>         }
>     }
>
>     @Override
>     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
>         HttpServletResponse rsp = (HttpServletResponse)response;
>         if(!hints.isEmpty()) {
>             for(String hint : hints) {
>                 rsp.addHeader("Link", hint);
>             }
>             rsp.sendEarlyHints();
>             // for Tomcat 11 and earlier, this is: ((org.apache.catalina.connector.Response)rsp).sendEarlyHints();

Two changes:

1. The cast needs to be to ResponseFacade
2. I need to call chain.doFilter(...) ;)

-chris
Re: (tomcat) branch 11.0.x updated: RateLimitFilter code cleanup per commit feedback
On Mon, Oct 7, 2024, 13:45 Mark Thomas wrote:

> On 06/10/2024 13:36, isa...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > isapir pushed a commit to branch 11.0.x
> > in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/11.0.x by this push:
> >      new 40c827edfe RateLimitFilter code cleanup per commit feedback
> > 40c827edfe is described below
> >
> > commit 40c827edfeef991538d4f2e60c1d48ee2771d227
> > Author: Igal Sapir
> > AuthorDate: Sun Oct 6 12:36:37 2024 -0700
> >
> >     RateLimitFilter code cleanup per commit feedback
>
> Not a direct comment on this commit but generally you may want to think
> about implementing this:
>
> https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/

Sounds like a good idea. I'll look into it.

Thank you,

Igal

>
> Mark
Re: Playing with 103 Early Hints
All,

On 10/7/24 16:52, Christopher Schultz wrote:
> All,
>
> I thought it might be "fun" to play around with 103 Early Hints, which is a feature with support added in servlet.next which means Tomcat 12. It can be used currently with Tomcat 9.0 and later, as long as you are willing to downcast the HttpServletResponse to a Tomcat-private class and you can make a call to Response.sendEarlyHints.
>
> It occurs to me that we (Tomcat) could make it easier for applications to use this feature by providing something like a Filter that would use Tomcat internal libraries, but insulate the application from such ugliness.
>
> I have two ideas for how this would be implemented:
>
> 1. A new Filter dedicated to (a) setting Link headers and (b) calling sendEarlyHints
> 2. As an option for the RewriteValve value, e.g. as a flag
>
> I wrote a quick implementation of (1) above and it occurred to me that it was pretty trivial, so I came up with idea (2) above as maybe a way to add a feature to an existing component rather than building a new one.
>
> When I started looking at the changes required for (2), it seems to me that the only thing that made any sense would be to do the following:
>
> RewriteRule .*\.jsp $0 [SEH]
>
> The "SEH" is a proposed "Send Early Hints" flag which would invoke the response.sendEarlyHints method which sends a 103 Early Hints response and then proceeds with the rewrite/request.
>
> I've decided that I don't really like (2) because you have to configure a useless rewrite operation just to add the SEH flag. Also, RewriteValve doesn't help you with the Link headers so you are back to writing a Filter and then arranging to have that Filter run *before* RewriteValve which ... could be a problem for you.
>
> So I think I'm going to pursue option (1) above, looking at doing something like I have below.
>
> Comments welcome and encouraged.

I built a practical example to test this with my own application, and I found that the following implementation contains everything I needed to use 103 Early Hints in a practical way.

Example configuration:

=== CUT ===
<filter>
    <description>Configures the application to send Early Hints to load resources such as CSS and scripts.</description>
    <filter-name>early-hints</filter-name>
    <filter-class>org.apache.catalina.filters.EarlyHintsFilter</filter-class>
    <init-param>
        <param-name>csp.a</param-name>
        <param-value>default-src:self;</param-value>
    </init-param>
    <init-param>
        <param-name>link.a</param-name>
        <param-value>&lt;${contextPath}/css/site.css&gt;; rel=preload; as=style</param-value>
    </init-param>
    <init-param>
        <param-name>link.b</param-name>
        <param-value>&lt;${contextPath}/js/scripts.js&gt;; rel=preload; as=style</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>early-hints</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>
=== CUT ===

package org.apache.catalina.filters;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.catalina.connector.ResponseFacade;

/**
 * A Filter that adds a series of
 */
public class EarlyHintsFilter implements Filter {
    private final ArrayList<String> csps = new ArrayList<String>(1);
    private final ArrayList<String> hints = new ArrayList<String>();

    @Override
    public void init(FilterConfig config) throws ServletException {
        Enumeration<String> paramNames = config.getInitParameterNames();
        while(paramNames.hasMoreElements()) {
            String name = paramNames.nextElement();
            if(name.startsWith("csp.")) {
                csps.add(config.getInitParameter(name));
            } else if(name.startsWith("link.")) {
                String hint = config.getInitParameter(name);
                int pos = hint.indexOf("${contextPath}");
                if(pos >= 0) {
                    hint = hint.replace("${contextPath}", config.getServletContext().getContextPath());
                }
                hints.add(hint);
            } else {
                config.getServletContext().log("WARNING: Unexpected init-param to EarlyHintsFilter: " + name);
            }
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse rsp = (HttpServletResponse)response;
        if(!csps.isEmpty()) {
            for(String csp : csps) {
                rsp.addHeader("Content-Security-Policy", csp);
            }
        }
        if(!hints.isEmpty()) {
            for(String hint : hints) {
                rsp.addHeader("Link", hint);
            }
            ((ResponseFacade)rsp).sendEarlyHints();
        }
        chain.doFilter(request, response);
    }
}
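The init-param handling from the filter in the message above, as an added example that is not part of the original post or of Tomcat's code: it sorts the parameter names (the Servlet API does not specify the order of getInitParameterNames()), rejects values that contain control characters before they can become header values, and checks that link.* values have the `<target>; params` shape. The class EarlyHintParams, its methods, the `/app` context path and the two bad entries are hypothetical; only the JDK is used, so it runs outside a container.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

// Added example, not code from the thread: init-param handling for a filter
// configured with csp.* and link.* parameters, plus value validation.
public class EarlyHintParams {
    final List<String> csps = new ArrayList<>();
    final List<String> links = new ArrayList<>();
    final List<String> rejected = new ArrayList<>();

    // A header value must be non-empty and free of CR, LF and other controls.
    static boolean isSafeHeaderValue(String v) {
        if (v == null || v.isBlank()) {
            return false;
        }
        return v.chars().noneMatch(c -> c == 0x7f || (c < 0x20 && c != '\t'));
    }

    // Minimal shape check for a Link value: "<target>" followed by parameters.
    static boolean looksLikeLink(String v) {
        int close = v.indexOf('>');
        return v.startsWith("<") && close > 1 && v.indexOf(';', close) > close;
    }

    EarlyHintParams(Map<String, String> initParams, String contextPath) {
        // TreeMap sorts by name, so link.a precedes link.b on every container.
        for (Map.Entry<String, String> e : new TreeMap<>(initParams).entrySet()) {
            String name = e.getKey();
            String raw = e.getValue();
            String value = raw == null ? "" : raw.replace("${contextPath}", contextPath).trim();
            if (!isSafeHeaderValue(value)) {
                rejected.add(name);           // empty or contains control characters
            } else if (name.startsWith("csp.")) {
                csps.add(value);
            } else if (name.startsWith("link.") && looksLikeLink(value)) {
                links.add(value);
            } else {
                rejected.add(name);           // unknown prefix or malformed Link value
            }
        }
    }

    public static void main(String[] args) {
        // Constructed input: the thread's sample values plus two bad entries.
        Map<String, String> params = Map.of(
            "csp.a", "default-src:self;",
            "link.a", "<${contextPath}/css/site.css>; rel=preload; as=style",
            "link.b", "<${contextPath}/js/scripts.js>; rel=preload; as=style",
            "link.c", "</x.css>; rel=preload\r\nX-Injected: 1",
            "debug", "true");
        EarlyHintParams p = new EarlyHintParams(params, "/app");
        System.out.println("Content-Security-Policy: " + p.csps);
        System.out.println("Link: " + p.links);
        System.out.println("Rejected params: " + p.rejected);
    }
}
```

It can be run directly with `java EarlyHintParams.java` on JDK 11 or later.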
[Bug 69382] Inefficient code generated for
https://bz.apache.org/bugzilla/show_bug.cgi?id=69382

John Engebretson changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
                 OS|                            |All
             Status|NEW                         |RESOLVED

--- Comment #1 from John Engebretson ---
Apologies, coworker pointed out that I misread the evaluated strings. Sorry, staring at code all day. :) Closing.
[Bug 69382] New: Inefficient code generated for
https://bz.apache.org/bugzilla/show_bug.cgi?id=69382

            Bug ID: 69382
           Summary: Inefficient code generated for
           Product: Tomcat 9
           Version: 9.0.x
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Jasper
          Assignee: dev@tomcat.apache.org
          Reporter: jeng...@amazon.com
  Target Milestone: -

This JSP fragment:

translates into a single, very long line of Java:

org.apache.jasper.runtime.JspRuntimeLibrary.include(request, response, (java.lang.String) org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate("${feature.template}", java.lang.String.class, (javax.servlet.jsp.PageContext)_jspx_page_context, null) + (((java.lang.String) org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate("${feature.template}", java.lang.String.class, (javax.servlet.jsp.PageContext)_jspx_page_context, null)).indexOf('?')>0? '&': '?') + org.apache.jasper.runtime.JspRuntimeLibrary.URLEncode("featureName", request.getCharacterEncoding())+ "=" + org.apache.jasper.runtime.JspRuntimeLibrary.URLEncode((java.lang.String) org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate("${feature.featureName}", java.lang.String.class, (javax.servlet.jsp.PageContext)_jspx_page_context, null), request.getCharacterEncoding()), out, false);

Formatting is unhelpful, however there's a problem buried in there: "${feature.template}" is evaluated twice, presumably with the same output both times. The JSP snippet clearly does not intend two evaluations so it should be possible to execute once and reuse the value.

In addition, there are two calls to request.getCharacterEncoding()... which seems simple until our application wraps that value multiple layers deep:

ServletRequestWrapper
ServletRequestWrapper
ApplicationHttpRequest
ApplicationHttpRequest
ApplicationHttpRequest
ApplicationHttpRequest
RequestFacade
Request

Reusing this value would also be helpful.
Re: (tomcat) branch 11.0.x updated: RateLimitFilter code cleanup per commit feedback
On 06/10/2024 13:36, isa...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> isapir pushed a commit to branch 11.0.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> The following commit(s) were added to refs/heads/11.0.x by this push:
>      new 40c827edfe RateLimitFilter code cleanup per commit feedback
> 40c827edfe is described below
>
> commit 40c827edfeef991538d4f2e60c1d48ee2771d227
> Author: Igal Sapir
> AuthorDate: Sun Oct 6 12:36:37 2024 -0700
>
>      RateLimitFilter code cleanup per commit feedback

Not a direct comment on this commit but generally you may want to think about implementing this:

https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/

Mark
Playing with 103 Early Hints
All,

I thought it might be "fun" to play around with 103 Early Hints, which is a feature with support added in servlet.next which means Tomcat 12. It can be used currently with Tomcat 9.0 and later, as long as you are willing to downcast the HttpServletResponse to a Tomcat-private class and you can make a call to Response.sendEarlyHints.

It occurs to me that we (Tomcat) could make it easier for applications to use this feature by providing something like a Filter that would use Tomcat internal libraries, but insulate the application from such ugliness.

I have two ideas for how this would be implemented:

1. A new Filter dedicated to (a) setting Link headers and (b) calling sendEarlyHints
2. As an option for the RewriteValve value, e.g. as a flag

I wrote a quick implementation of (1) above and it occurred to me that it was pretty trivial, so I came up with idea (2) above as maybe a way to add a feature to an existing component rather than building a new one.

When I started looking at the changes required for (2), it seems to me that the only thing that made any sense would be to do the following:

RewriteRule .*\.jsp $0 [SEH]

The "SEH" is a proposed "Send Early Hints" flag which would invoke the response.sendEarlyHints method which sends a 103 Early Hints response and then proceeds with the rewrite/request.

I've decided that I don't really like (2) because you have to configure a useless rewrite operation just to add the SEH flag. Also, RewriteValve doesn't help you with the Link headers so you are back to writing a Filter and then arranging to have that Filter run *before* RewriteValve which ... could be a problem for you.

So I think I'm going to pursue option (1) above, looking at doing something like I have below.

Comments welcome and encouraged.

-chris

=== CUT ===
package org.apache.catalina.filters;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;

/**
 * A Filter that adds a series of
 */
public class EarlyHintsFilter implements Filter {
    private final ArrayList<String> hints = new ArrayList<String>();

    @Override
    public void init(FilterConfig config) throws ServletException {
        Enumeration<String> paramNames = config.getInitParameterNames();
        while(paramNames.hasMoreElements()) {
            String name = paramNames.nextElement();
            hints.add(config.getInitParameter(name));
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse rsp = (HttpServletResponse)response;
        if(!hints.isEmpty()) {
            for(String hint : hints) {
                rsp.addHeader("Link", hint);
            }
            rsp.sendEarlyHints(); // for Tomcat 11 and earlier, this is: ((org.apache.catalina.connector.Response)rsp).sendEarlyHints();
        }
    }
}
Re: Playing with 103 Early Hints
All,

Top-posting to add another option for getting 103 Early Hints into the hands of application developers:

3. Allow applications to call response.sendError(103) or response.setStatus(103), to which Tomcat will simply call its own sendEarlyHints() method and return control to the application.

If you do this today in Tomcat 9, the client hangs waiting for a response after the 103 is sent.

Does this seem like a nice hack to implement?

-chris

On 10/7/24 17:36, Christopher Schultz wrote:
> All,
>
> On 10/7/24 16:52, Christopher Schultz wrote:
> > All,
> >
> > I thought it might be "fun" to play around with 103 Early Hints, which is a feature with support added in servlet.next which means Tomcat 12. It can be used currently with Tomcat 9.0 and later, as long as you are willing to downcast the HttpServletResponse to a Tomcat-private class and you can make a call to Response.sendEarlyHints.
> >
> > It occurs to me that we (Tomcat) could make it easier for applications to use this feature by providing something like a Filter that would use Tomcat internal libraries, but insulate the application from such ugliness.
> >
> > I have two ideas for how this would be implemented:
> >
> > 1. A new Filter dedicated to (a) setting Link headers and (b) calling sendEarlyHints
> > 2. As an option for the RewriteValve value, e.g. as a flag
> >
> > I wrote a quick implementation of (1) above and it occurred to me that it was pretty trivial, so I came up with idea (2) above as maybe a way to add a feature to an existing component rather than building a new one.
> >
> > When I started looking at the changes required for (2), it seems to me that the only thing that made any sense would be to do the following:
> >
> > RewriteRule .*\.jsp $0 [SEH]
> >
> > The "SEH" is a proposed "Send Early Hints" flag which would invoke the response.sendEarlyHints method which sends a 103 Early Hints response and then proceeds with the rewrite/request.
> >
> > I've decided that I don't really like (2) because you have to configure a useless rewrite operation just to add the SEH flag. Also, RewriteValve doesn't help you with the Link headers so you are back to writing a Filter and then arranging to have that Filter run *before* RewriteValve which ... could be a problem for you.
> >
> > So I think I'm going to pursue option (1) above, looking at doing something like I have below.
> >
> > Comments welcome and encouraged.
>
> I built a practical example to test this with my own application, and I found that the following implementation contains everything I needed to use 103 Early Hints in a practical way.
>
> Example configuration:
>
> === CUT ===
> <filter>
>     <description>Configures the application to send Early Hints to load resources such as CSS and scripts.</description>
>     <filter-name>early-hints</filter-name>
>     <filter-class>org.apache.catalina.filters.EarlyHintsFilter</filter-class>
>     <init-param>
>         <param-name>csp.a</param-name>
>         <param-value>default-src:self;</param-value>
>     </init-param>
>     <init-param>
>         <param-name>link.a</param-name>
>         <param-value>&lt;${contextPath}/css/site.css&gt;; rel=preload; as=style</param-value>
>     </init-param>
>     <init-param>
>         <param-name>link.b</param-name>
>         <param-value>&lt;${contextPath}/js/scripts.js&gt;; rel=preload; as=style</param-value>
>     </init-param>
> </filter>
>
> <filter-mapping>
>     <filter-name>early-hints</filter-name>
>     <url-pattern>*.do</url-pattern>
> </filter-mapping>
> === CUT ===
>
> package org.apache.catalina.filters;
>
> import java.io.IOException;
> import java.util.ArrayList;
> import java.util.Enumeration;
>
> import javax.servlet.Filter;
> import javax.servlet.FilterChain;
> import javax.servlet.FilterConfig;
> import javax.servlet.ServletException;
> import javax.servlet.ServletRequest;
> import javax.servlet.ServletResponse;
> import javax.servlet.http.HttpServletResponse;
>
> import org.apache.catalina.connector.ResponseFacade;
>
> /**
>  * A Filter that adds a series of
>  */
> public class EarlyHintsFilter implements Filter {
>     private final ArrayList<String> csps = new ArrayList<String>(1);
>     private final ArrayList<String> hints = new ArrayList<String>();
>
>     @Override
>     public void init(FilterConfig config) throws ServletException {
>         Enumeration<String> paramNames = config.getInitParameterNames();
>         while(paramNames.hasMoreElements()) {
>             String name = paramNames.nextElement();
>             if(name.startsWith("csp.")) {
>                 csps.add(config.getInitParameter(name));
>             } else if(name.startsWith("link.")) {
>                 String hint = config.getInitParameter(name);
>                 int pos = hint.indexOf("${contextPath}");
>                 if(pos >= 0) {
>                     hint = hint.replace("${contextPath}", config.getServletContext().getContextPath());
>                 }
>                 hints.add(hint);
>             } else {
>                 config.getServletContext().log("WARNING: Unexpected init-param to EarlyHintsFilter: " + name);
>             }
>         }
>     }
>
>     @Override
>     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
>         HttpServletResponse rsp = (HttpServletResponse)response;
>         if(!csps.isEmpty()) {
>             for(String csp : csps) {
>                 rsp.addHeader("Content-Security-Policy", csp);
>             }
>         }
Notes from today's Tomcat 12 panel discussion at CoC Denver
All,

These are some brief notes I took during today's meeting about community expectations and desires for Tomcat 12.

I think it's worth possibly separating these out into individual discussion threads so things don't get too convoluted in one major thread. So if anyone wants to lead the conversation on any of the below items, please post a new thread to get the conversation going.

== Items Discussed at CoC Denver

Formally certify a non-milestone release of Tomcat 11 for Jakarta EE APIs.

QUIC - requires some more thought. What does OpenSSL provide? What about collaboration options with other projects?

Keep JASPIC/JEE Authentication. Some straightforward tutorials or "getting started" types of things would be helpful.

OCSP for client certs - let's not do this as OCSP might be disappearing entirely.

FFM - nobody cares about tcnative, so FFM sounds like a good move.

Some interest in encryption for multicast clustering.

No opinions on WebTransport.

No opinions on WebSocket over h2.

Should Tomcat stop applications doing stupid things such as explicitly setting chunked encoding? Mixed responses. Definitely don't want any significant performance impact on applications that are well-behaved. Could this be an optional Valve that simply enforces these rules?

AJP - definite proposal to remove from T12 (schultz), announce our intention to deprecate mod_jk in favor of moving features into mod_proxy_ajp and mod_proxy_balancer.

OAuth(2) - based authentication e.g. to allow Tomcat to authenticate users from a public identity provider such as Google, fb, etc. - Shawn and schultz were interested in the concept. Are there any JASPIC-based providers that already provide this type of thing?

No opinions on Maven Tomcat Plugin. Possible Google SoC project to resurrect this and get it working with a current Tomcat version?

==

In the pub track at the end of the day, I proposed bringing back the BIO connector with Virtual Threads as the magic which makes everything work. markt is convinced the idea has merit and on initial hand-waving conversation, he thinks that maybe just maybe Tomcat 12 could dump both NIO and NIO2 connectors, the Poller and other complexities. Servlet async and Websocket both seem to have solutions based upon BIO and VT.

The question is whether or not VT will reach the level of maturity required for Tomcat and downstream users to rely on it for production workloads. Our initial sense is that yes, the promises of VT will be realized in the timeframe during which Tomcat 12 will become stable.

-chris
[Bug 69382] Inefficient code generated for
https://bz.apache.org/bugzilla/show_bug.cgi?id=69382

Anurag Dubey changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #2 from Anurag Dubey ---
The concern is valid, see how these repeated-evaluations can possibly be commonized for the shared code snippet -

```
String proprietaryEvaluatedFeatureTemplate = (String) PageContextImpl.proprietaryEvaluate("${feature.template}", String.class, (PageContext) _jspx_page_context, null);
char seperator = (proprietaryEvaluatedFeatureTemplate).indexOf('?') > 0 ? '&' : '?';
String characterEncoding = request.getCharacterEncoding();
String proprietaryEvaluatedFeatureName = (String) PageContextImpl.proprietaryEvaluate("${feature.featureName}", String.class, (PageContext) _jspx_page_context, null);
String featureName = proprietaryEvaluatedFeatureTemplate + seperator + JspRuntimeLibrary.URLEncode("featureName", characterEncoding) + "=" + JspRuntimeLibrary.URLEncode(proprietaryEvaluatedFeatureName, characterEncoding);
org.apache.jasper.runtime.JspRuntimeLibrary.include(request, response, featureName, out, false);
```